Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zheyu Ma <zheyuma97@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
linux-atm-general@lists.sourceforge.net, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 54/74] atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
Date: Tue, 6 Jul 2021 07:24:42 -0400 [thread overview]
Message-ID: <20210706112502.2064236-54-sashal@kernel.org> (raw)
In-Reply-To: <20210706112502.2064236-1-sashal@kernel.org>
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 6a1e5a4af17e440dd82a58a2c5f40ff17a82b722 ]
When 'nicstar_init_one' fails, 'ns_init_card_error' will be executed for
error handling, but the correct memory free function should be used,
otherwise it will cause an error. Since 'card->rsq.org' and
'card->tsq.org' are allocated using 'dma_alloc_coherent' function, they
should be freed using 'dma_free_coherent'.
Fix this by using 'dma_free_coherent' instead of 'kfree'
This log reveals it:
[ 3.440294] kernel BUG at mm/slub.c:4206!
[ 3.441059] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 3.441430] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.12.4-g70e7f0549188-dirty #141
[ 3.441986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 3.442780] RIP: 0010:kfree+0x26a/0x300
[ 3.443065] Code: e8 3a c3 b9 ff e9 d6 fd ff ff 49 8b 45 00 31 db a9 00 00 01 00 75 4d 49 8b 45 00 a9 00 00 01 00 75 0a 49 8b 45 08 a8 01 75 02 <0f> 0b 89 d9 b8 00 10 00 00 be 06 00 00 00 48 d3 e0 f7 d8 48 63 d0
[ 3.443396] RSP: 0000:ffffc90000017b70 EFLAGS: 00010246
[ 3.443396] RAX: dead000000000100 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.443396] RDX: 0000000000000000 RSI: ffffffff85d3df94 RDI: ffffffff85df38e6
[ 3.443396] RBP: ffffc90000017b90 R08: 0000000000000001 R09: 0000000000000001
[ 3.443396] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888107dc0000
[ 3.443396] R13: ffffea00001f0100 R14: ffff888101a8bf00 R15: ffff888107dc0160
[ 3.443396] FS: 0000000000000000(0000) GS:ffff88817bc80000(0000) knlGS:0000000000000000
[ 3.443396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.443396] CR2: 0000000000000000 CR3: 000000000642e000 CR4: 00000000000006e0
[ 3.443396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3.443396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3.443396] Call Trace:
[ 3.443396] ns_init_card_error+0x12c/0x220
[ 3.443396] nicstar_init_one+0x10d2/0x1130
[ 3.443396] local_pci_probe+0x4a/0xb0
[ 3.443396] pci_device_probe+0x126/0x1d0
[ 3.443396] ? pci_device_remove+0x100/0x100
[ 3.443396] really_probe+0x27e/0x650
[ 3.443396] driver_probe_device+0x84/0x1d0
[ 3.443396] ? mutex_lock_nested+0x16/0x20
[ 3.443396] device_driver_attach+0x63/0x70
[ 3.443396] __driver_attach+0x117/0x1a0
[ 3.443396] ? device_driver_attach+0x70/0x70
[ 3.443396] bus_for_each_dev+0xb6/0x110
[ 3.443396] ? rdinit_setup+0x40/0x40
[ 3.443396] driver_attach+0x22/0x30
[ 3.443396] bus_add_driver+0x1e6/0x2a0
[ 3.443396] driver_register+0xa4/0x180
[ 3.443396] __pci_register_driver+0x77/0x80
[ 3.443396] ? uPD98402_module_init+0xd/0xd
[ 3.443396] nicstar_init+0x1f/0x75
[ 3.443396] do_one_initcall+0x7a/0x3d0
[ 3.443396] ? rdinit_setup+0x40/0x40
[ 3.443396] ? rcu_read_lock_sched_held+0x4a/0x70
[ 3.443396] kernel_init_freeable+0x2a7/0x2f9
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] kernel_init+0x13/0x180
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] ret_from_fork+0x1f/0x30
[ 3.443396] Modules linked in:
[ 3.443396] Dumping ftrace buffer:
[ 3.443396] (ftrace buffer empty)
[ 3.458593] ---[ end trace 3c6f8f0d8ef59bcd ]---
[ 3.458922] RIP: 0010:kfree+0x26a/0x300
[ 3.459198] Code: e8 3a c3 b9 ff e9 d6 fd ff ff 49 8b 45 00 31 db a9 00 00 01 00 75 4d 49 8b 45 00 a9 00 00 01 00 75 0a 49 8b 45 08 a8 01 75 02 <0f> 0b 89 d9 b8 00 10 00 00 be 06 00 00 00 48 d3 e0 f7 d8 48 63 d0
[ 3.460499] RSP: 0000:ffffc90000017b70 EFLAGS: 00010246
[ 3.460870] RAX: dead000000000100 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.461371] RDX: 0000000000000000 RSI: ffffffff85d3df94 RDI: ffffffff85df38e6
[ 3.461873] RBP: ffffc90000017b90 R08: 0000000000000001 R09: 0000000000000001
[ 3.462372] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888107dc0000
[ 3.462871] R13: ffffea00001f0100 R14: ffff888101a8bf00 R15: ffff888107dc0160
[ 3.463368] FS: 0000000000000000(0000) GS:ffff88817bc80000(0000) knlGS:0000000000000000
[ 3.463949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.464356] CR2: 0000000000000000 CR3: 000000000642e000 CR4: 00000000000006e0
[ 3.464856] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3.465356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3.465860] Kernel panic - not syncing: Fatal exception
[ 3.466370] Dumping ftrace buffer:
[ 3.466616] (ftrace buffer empty)
[ 3.466871] Kernel Offset: disabled
[ 3.467122] Rebooting in 1 seconds..
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/atm/nicstar.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
index 5ec7b6a60145..f1e8aa26d284 100644
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -837,10 +837,12 @@ static void ns_init_card_error(ns_dev *card, int error)
dev_kfree_skb_any(hb);
}
if (error >= 12) {
- kfree(card->rsq.org);
+ dma_free_coherent(&card->pcidev->dev, NS_RSQSIZE + NS_RSQ_ALIGNMENT,
+ card->rsq.org, card->rsq.dma);
}
if (error >= 11) {
- kfree(card->tsq.org);
+ dma_free_coherent(&card->pcidev->dev, NS_TSQSIZE + NS_TSQ_ALIGNMENT,
+ card->tsq.org, card->tsq.dma);
}
if (error >= 10) {
free_irq(card->pcidev->irq, card);
--
2.30.2
next prev parent reply other threads:[~2021-07-06 12:23 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210706112502.2064236-1-sashal@kernel.org>
2021-07-06 11:23 ` [PATCH AUTOSEL 5.4 06/74] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() Sasha Levin
2021-07-06 11:23 ` [PATCH AUTOSEL 5.4 09/74] atm: iphase: fix possible use-after-free in ia_module_exit() Sasha Levin
2021-07-06 11:23 ` [PATCH AUTOSEL 5.4 10/74] mISDN: fix possible use-after-free in HFC_cleanup() Sasha Levin
2021-07-06 11:23 ` [PATCH AUTOSEL 5.4 11/74] atm: nicstar: Fix possible use-after-free in nicstar_cleanup() Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 12/74] net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 17/74] bpf: Check for BPF_F_ADJ_ROOM_FIXED_GSO when bpf_skb_change_proto Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 20/74] e100: handle eeprom as little endian Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 21/74] igb: handle vlan types with checker enabled Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 25/74] ipv6: use prandom_u32() for ID generation Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 29/74] ice: set the value of global config lock timeout longer Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 30/74] virtio_net: Remove BUG() to avoid machine dead Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 31/74] net: bcmgenet: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 32/74] net: mvpp2: " Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 33/74] net: micrel: " Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 34/74] net: moxa: Use devm_platform_get_and_ioremap_resource() Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 39/74] fjes: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 41/74] r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 43/74] xfrm: Fix error reporting in xfrm_state_construct Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 44/74] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 45/74] wl1251: Fix possible buffer overflow in wl1251_cmd_scan Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 46/74] cw1200: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 47/74] bpf: Fix up register-based shifts in interpreter to silence KUBSAN Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 48/74] mt76: mt7615: fix fixed-rate tx status reporting Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 50/74] net: sched: fix error return code in tcf_del_walker() Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 52/74] rtl8xxxu: Fix device info for RTL8192EU devices Sasha Levin
2021-07-06 11:24 ` Sasha Levin [this message]
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 55/74] atm: nicstar: register the interrupt handler in the right place Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 56/74] vsock: notify server to shutdown when client has pending signal Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 58/74] iwlwifi: mvm: don't change band on bound PHY contexts Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 59/74] iwlwifi: pcie: free IML DMA memory allocation Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 60/74] iwlwifi: pcie: fix context info freeing Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 61/74] sfc: avoid double pci_remove of VFs Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 62/74] sfc: error code if SRIOV cannot be disabled Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 63/74] wireless: wext-spy: Fix out-of-bounds warning Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 64/74] media, bpf: Do not copy more entries than user space requested Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 65/74] net: ip: avoid OOM kills with large UDP sends over loopback Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 68/74] Bluetooth: Fix the HCI to MGMT status conversion table Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 69/74] Bluetooth: Shutdown controller after workqueues are flushed or cancelled Sasha Levin
2021-07-06 11:24 ` [PATCH AUTOSEL 5.4 71/74] sctp: validate from_addr_param return Sasha Levin
2021-07-06 11:25 ` [PATCH AUTOSEL 5.4 72/74] sctp: add size validation when walking chunks Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706112502.2064236-54-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=linux-atm-general@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zheyuma97@gmail.com \
--subject='Re: [PATCH AUTOSEL 5.4 54/74] atm: nicstar: use '\''dma_free_coherent'\'' instead of '\''kfree'\''' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).