dma-coherent.c: error path bug
in [Kernel]
|
Prev: Unable to boot after "ACPI: Don't let acpi_pad needlessly mark TSC unstable"
Next: linux-next: manual merge of the devicetree tree with Linus' tree
From: FUJITA Tomonori on 6 Jun 2010 22:40 On Sun, 6 Jun 2010 13:53:04 +0300 Marin Mitov <mitov(a)issp.bas.bg> wrote: > Hi all, > > The error path in dma_declare_coherent_memory() leaves > the pointer dev->dma_mem non completely initialized. > > If allocation of dev->dma_mem succeeds, > but allocation of dev->dma_mem->bitmap fails > dev->dma_mem is freed, but left non NULL > and non completely initialized. > > Either zero it after being freed (one liner patch), or assign to > dev->dma_mem only completely initialized structure (patch included). > > Comments welcome. > > Marin Mitov > > Signed-off-by: Marin Mitov <mitov(a)issp.bas.bg> Hmm, if dma_declare_coherent_memory() fails, the driver doesn't use dev->dma_mem. So even if dev->dma_mem points to a freed memory, I'm not sure that it causes a real problem. We could call this patch a cleanup though. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Marin Mitov on 7 Jun 2010 00:20 On Monday, June 07, 2010 05:30:48 am FUJITA Tomonori wrote: > On Sun, 6 Jun 2010 13:53:04 +0300 > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > Hi all, > > > > The error path in dma_declare_coherent_memory() leaves > > the pointer dev->dma_mem non completely initialized. > > > > If allocation of dev->dma_mem succeeds, > > but allocation of dev->dma_mem->bitmap fails > > dev->dma_mem is freed, but left non NULL > > and non completely initialized. > > > > Either zero it after being freed (one liner patch), or assign to > > dev->dma_mem only completely initialized structure (patch included). > > > > Comments welcome. > > > > Marin Mitov > > > > Signed-off-by: Marin Mitov <mitov(a)issp.bas.bg> > > Hmm, if dma_declare_coherent_memory() fails, the driver doesn't use > dev->dma_mem. So even if dev->dma_mem points to a freed memory, I'm > not sure that it causes a real problem. We could call this patch a > cleanup though. > My understanding of dma_alloc_coherent() is that we first try to allocate from per-device coherent memory and we do it using dma_alloc_from_coherent() (in drivers/base/dma-coherent.c) if dev->dma_mem is not NULL (and we have left it not NULL, here is the problem). If allocation of dev->dma_mem->bitmap fails dev->dma_mem must be NULL. Marin Mitov -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: FUJITA Tomonori on 7 Jun 2010 00:30 On Mon, 7 Jun 2010 07:08:56 +0300 Marin Mitov <mitov(a)issp.bas.bg> wrote: > On Monday, June 07, 2010 05:30:48 am FUJITA Tomonori wrote: > > On Sun, 6 Jun 2010 13:53:04 +0300 > > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > > > Hi all, > > > > > > The error path in dma_declare_coherent_memory() leaves > > > the pointer dev->dma_mem non completely initialized. > > > > > > If allocation of dev->dma_mem succeeds, > > > but allocation of dev->dma_mem->bitmap fails > > > dev->dma_mem is freed, but left non NULL > > > and non completely initialized. > > > > > > Either zero it after being freed (one liner patch), or assign to > > > dev->dma_mem only completely initialized structure (patch included). > > > > > > Comments welcome. > > > > > > Marin Mitov > > > > > > Signed-off-by: Marin Mitov <mitov(a)issp.bas.bg> > > > > Hmm, if dma_declare_coherent_memory() fails, the driver doesn't use > > dev->dma_mem. So even if dev->dma_mem points to a freed memory, I'm > > not sure that it causes a real problem. We could call this patch a > > cleanup though. > > > My understanding of dma_alloc_coherent() is that we first try to allocate from > per-device coherent memory and we do it using dma_alloc_from_coherent() > (in drivers/base/dma-coherent.c) if dev->dma_mem is not NULL (and we have > left it not NULL, here is the problem). If allocation of dev->dma_mem->bitmap > fails dev->dma_mem must be NULL. But are there any driver that can continue when dma_declare_coherent_memory() fails? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Marin Mitov on 7 Jun 2010 00:50 On Monday, June 07, 2010 07:27:49 am FUJITA Tomonori wrote: > On Mon, 7 Jun 2010 07:08:56 +0300 > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > On Monday, June 07, 2010 05:30:48 am FUJITA Tomonori wrote: > > > On Sun, 6 Jun 2010 13:53:04 +0300 > > > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > > > > > Hi all, > > > > > > > > The error path in dma_declare_coherent_memory() leaves > > > > the pointer dev->dma_mem non completely initialized. > > > > > > > > If allocation of dev->dma_mem succeeds, > > > > but allocation of dev->dma_mem->bitmap fails > > > > dev->dma_mem is freed, but left non NULL > > > > and non completely initialized. > > > > > > > > Either zero it after being freed (one liner patch), or assign to > > > > dev->dma_mem only completely initialized structure (patch included). > > > > > > > > Comments welcome. > > > > > > > > Marin Mitov > > > > > > > > Signed-off-by: Marin Mitov <mitov(a)issp.bas.bg> > > > > > > Hmm, if dma_declare_coherent_memory() fails, the driver doesn't use > > > dev->dma_mem. So even if dev->dma_mem points to a freed memory, I'm > > > not sure that it causes a real problem. We could call this patch a > > > cleanup though. > > > > > My understanding of dma_alloc_coherent() is that we first try to allocate from > > per-device coherent memory and we do it using dma_alloc_from_coherent() > > (in drivers/base/dma-coherent.c) if dev->dma_mem is not NULL (and we have > > left it not NULL, here is the problem). If allocation of dev->dma_mem->bitmap > > fails dev->dma_mem must be NULL. > > But are there any driver that can continue when dma_declare_coherent_memory() fails? > I do not know if such a real driver exists. My understanding of drivers' use of dma_declare_coherent_memory() is to declare some (may be on board) memory as coherent, so when they call dma_alloc_coherent() the request is satisfied first from this area and when it is exhausted fall back to other pools of coherent memory. As far as a fall back exists the driver may continue even if dma_declare_coherent_memory() fails. Marin Mitov -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: FUJITA Tomonori on 7 Jun 2010 01:10
On Mon, 7 Jun 2010 07:43:19 +0300 Marin Mitov <mitov(a)issp.bas.bg> wrote: > On Monday, June 07, 2010 07:27:49 am FUJITA Tomonori wrote: > > On Mon, 7 Jun 2010 07:08:56 +0300 > > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > > > On Monday, June 07, 2010 05:30:48 am FUJITA Tomonori wrote: > > > > On Sun, 6 Jun 2010 13:53:04 +0300 > > > > Marin Mitov <mitov(a)issp.bas.bg> wrote: > > > > > > > > > Hi all, > > > > > > > > > > The error path in dma_declare_coherent_memory() leaves > > > > > the pointer dev->dma_mem non completely initialized. > > > > > > > > > > If allocation of dev->dma_mem succeeds, > > > > > but allocation of dev->dma_mem->bitmap fails > > > > > dev->dma_mem is freed, but left non NULL > > > > > and non completely initialized. > > > > > > > > > > Either zero it after being freed (one liner patch), or assign to > > > > > dev->dma_mem only completely initialized structure (patch included). > > > > > > > > > > Comments welcome. > > > > > > > > > > Marin Mitov > > > > > > > > > > Signed-off-by: Marin Mitov <mitov(a)issp.bas.bg> > > > > > > > > Hmm, if dma_declare_coherent_memory() fails, the driver doesn't use > > > > dev->dma_mem. So even if dev->dma_mem points to a freed memory, I'm > > > > not sure that it causes a real problem. We could call this patch a > > > > cleanup though. > > > > > > > My understanding of dma_alloc_coherent() is that we first try to allocate from > > > per-device coherent memory and we do it using dma_alloc_from_coherent() > > > (in drivers/base/dma-coherent.c) if dev->dma_mem is not NULL (and we have > > > left it not NULL, here is the problem). If allocation of dev->dma_mem->bitmap > > > fails dev->dma_mem must be NULL. > > > > But are there any driver that can continue when dma_declare_coherent_memory() fails? > > > I do not know if such a real driver exists. From a quick look, seems no. There is no fallback for such hardware, it's safe assumption, I guess. As I wrote, I don't think that the patch is rc material since seems that this doesn't cause a real problem. However, it looks fine for the next merge window. Thanks, -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |