Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zheyu Ma <zheyuma97@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
linux-atm-general@lists.sourceforge.net, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 32/45] atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
Date: Tue, 6 Jul 2021 07:27:36 -0400 [thread overview]
Message-ID: <20210706112749.2065541-32-sashal@kernel.org> (raw)
In-Reply-To: <20210706112749.2065541-1-sashal@kernel.org>
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 6a1e5a4af17e440dd82a58a2c5f40ff17a82b722 ]
When 'nicstar_init_one' fails, 'ns_init_card_error' will be executed for
error handling, but the correct memory free function should be used,
otherwise it will cause an error. Since 'card->rsq.org' and
'card->tsq.org' are allocated using 'dma_alloc_coherent' function, they
should be freed using 'dma_free_coherent'.
Fix this by using 'dma_free_coherent' instead of 'kfree'
This log reveals it:
[ 3.440294] kernel BUG at mm/slub.c:4206!
[ 3.441059] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 3.441430] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.12.4-g70e7f0549188-dirty #141
[ 3.441986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 3.442780] RIP: 0010:kfree+0x26a/0x300
[ 3.443065] Code: e8 3a c3 b9 ff e9 d6 fd ff ff 49 8b 45 00 31 db a9 00 00 01 00 75 4d 49 8b 45 00 a9 00 00 01 00 75 0a 49 8b 45 08 a8 01 75 02 <0f> 0b 89 d9 b8 00 10 00 00 be 06 00 00 00 48 d3 e0 f7 d8 48 63 d0
[ 3.443396] RSP: 0000:ffffc90000017b70 EFLAGS: 00010246
[ 3.443396] RAX: dead000000000100 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.443396] RDX: 0000000000000000 RSI: ffffffff85d3df94 RDI: ffffffff85df38e6
[ 3.443396] RBP: ffffc90000017b90 R08: 0000000000000001 R09: 0000000000000001
[ 3.443396] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888107dc0000
[ 3.443396] R13: ffffea00001f0100 R14: ffff888101a8bf00 R15: ffff888107dc0160
[ 3.443396] FS: 0000000000000000(0000) GS:ffff88817bc80000(0000) knlGS:0000000000000000
[ 3.443396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.443396] CR2: 0000000000000000 CR3: 000000000642e000 CR4: 00000000000006e0
[ 3.443396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3.443396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3.443396] Call Trace:
[ 3.443396] ns_init_card_error+0x12c/0x220
[ 3.443396] nicstar_init_one+0x10d2/0x1130
[ 3.443396] local_pci_probe+0x4a/0xb0
[ 3.443396] pci_device_probe+0x126/0x1d0
[ 3.443396] ? pci_device_remove+0x100/0x100
[ 3.443396] really_probe+0x27e/0x650
[ 3.443396] driver_probe_device+0x84/0x1d0
[ 3.443396] ? mutex_lock_nested+0x16/0x20
[ 3.443396] device_driver_attach+0x63/0x70
[ 3.443396] __driver_attach+0x117/0x1a0
[ 3.443396] ? device_driver_attach+0x70/0x70
[ 3.443396] bus_for_each_dev+0xb6/0x110
[ 3.443396] ? rdinit_setup+0x40/0x40
[ 3.443396] driver_attach+0x22/0x30
[ 3.443396] bus_add_driver+0x1e6/0x2a0
[ 3.443396] driver_register+0xa4/0x180
[ 3.443396] __pci_register_driver+0x77/0x80
[ 3.443396] ? uPD98402_module_init+0xd/0xd
[ 3.443396] nicstar_init+0x1f/0x75
[ 3.443396] do_one_initcall+0x7a/0x3d0
[ 3.443396] ? rdinit_setup+0x40/0x40
[ 3.443396] ? rcu_read_lock_sched_held+0x4a/0x70
[ 3.443396] kernel_init_freeable+0x2a7/0x2f9
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] kernel_init+0x13/0x180
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] ? rest_init+0x2c0/0x2c0
[ 3.443396] ret_from_fork+0x1f/0x30
[ 3.443396] Modules linked in:
[ 3.443396] Dumping ftrace buffer:
[ 3.443396] (ftrace buffer empty)
[ 3.458593] ---[ end trace 3c6f8f0d8ef59bcd ]---
[ 3.458922] RIP: 0010:kfree+0x26a/0x300
[ 3.459198] Code: e8 3a c3 b9 ff e9 d6 fd ff ff 49 8b 45 00 31 db a9 00 00 01 00 75 4d 49 8b 45 00 a9 00 00 01 00 75 0a 49 8b 45 08 a8 01 75 02 <0f> 0b 89 d9 b8 00 10 00 00 be 06 00 00 00 48 d3 e0 f7 d8 48 63 d0
[ 3.460499] RSP: 0000:ffffc90000017b70 EFLAGS: 00010246
[ 3.460870] RAX: dead000000000100 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.461371] RDX: 0000000000000000 RSI: ffffffff85d3df94 RDI: ffffffff85df38e6
[ 3.461873] RBP: ffffc90000017b90 R08: 0000000000000001 R09: 0000000000000001
[ 3.462372] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888107dc0000
[ 3.462871] R13: ffffea00001f0100 R14: ffff888101a8bf00 R15: ffff888107dc0160
[ 3.463368] FS: 0000000000000000(0000) GS:ffff88817bc80000(0000) knlGS:0000000000000000
[ 3.463949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.464356] CR2: 0000000000000000 CR3: 000000000642e000 CR4: 00000000000006e0
[ 3.464856] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3.465356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3.465860] Kernel panic - not syncing: Fatal exception
[ 3.466370] Dumping ftrace buffer:
[ 3.466616] (ftrace buffer empty)
[ 3.466871] Kernel Offset: disabled
[ 3.467122] Rebooting in 1 seconds..
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/atm/nicstar.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
index 2c1a81b85816..d62ec533087e 100644
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -838,10 +838,12 @@ static void ns_init_card_error(ns_dev *card, int error)
dev_kfree_skb_any(hb);
}
if (error >= 12) {
- kfree(card->rsq.org);
+ dma_free_coherent(&card->pcidev->dev, NS_RSQSIZE + NS_RSQ_ALIGNMENT,
+ card->rsq.org, card->rsq.dma);
}
if (error >= 11) {
- kfree(card->tsq.org);
+ dma_free_coherent(&card->pcidev->dev, NS_TSQSIZE + NS_TSQ_ALIGNMENT,
+ card->tsq.org, card->tsq.dma);
}
if (error >= 10) {
free_irq(card->pcidev->irq, card);
--
2.30.2
next prev parent reply other threads:[~2021-07-06 11:44 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210706112749.2065541-1-sashal@kernel.org>
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 05/45] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 07/45] atm: iphase: fix possible use-after-free in ia_module_exit() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 08/45] mISDN: fix possible use-after-free in HFC_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 09/45] atm: nicstar: Fix possible use-after-free in nicstar_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 10/45] net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 15/45] e100: handle eeprom as little endian Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 18/45] ipv6: use prandom_u32() for ID generation Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 21/45] virtio_net: Remove BUG() to avoid machine dead Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 22/45] net: bcmgenet: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 23/45] net: micrel: " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 24/45] net: moxa: Use devm_platform_get_and_ioremap_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 25/45] fjes: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 27/45] xfrm: Fix error reporting in xfrm_state_construct Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 28/45] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 29/45] wl1251: Fix possible buffer overflow in wl1251_cmd_scan Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 30/45] cw1200: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-06 11:27 ` Sasha Levin [this message]
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 33/45] atm: nicstar: register the interrupt handler in the right place Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 34/45] vsock: notify server to shutdown when client has pending signal Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 36/45] iwlwifi: mvm: don't change band on bound PHY contexts Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 37/45] sfc: avoid double pci_remove of VFs Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 38/45] sfc: error code if SRIOV cannot be disabled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 39/45] wireless: wext-spy: Fix out-of-bounds warning Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 41/45] Bluetooth: Fix the HCI to MGMT status conversion table Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 42/45] Bluetooth: Shutdown controller after workqueues are flushed or cancelled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 44/45] sctp: validate from_addr_param return Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 45/45] sctp: add size validation when walking chunks Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706112749.2065541-32-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=linux-atm-general@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zheyuma97@gmail.com \
--subject='Re: [PATCH AUTOSEL 4.14 32/45] atm: nicstar: use '\''dma_free_coherent'\'' instead of '\''kfree'\''' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).