
Commit ec9c96e

jkkmIngo Molnar
authored andcommitted
dma-debug: Fix check_unmap null pointer dereference
While it's debatable whether or not a NULL device argument to the DMA API functions is valid... since it certainly isn't valid on devices with an IOMMU... dma-debug really shouldn't be dereferencing null pointers either. Guard against that in err_printk and the driver_filter functions. A Fedora rawhide user was seeing this in one of the dvb drivers resulting in an oops on boot. [ A patch has been sent for testing to the driver, but I feel the dma debugging support should be fixed as well. (There's still a pile of legacy garbage in the kernel passing null pointers to dma_{alloc,free}_*. :( ] Signed-off-by: Kyle McMartin <kyle@redhat.com> Cc: mchehab@infradead.org Cc: Joerg Roedel <joerg.roedel@amd.com> LKML-Reference: <20090820011708.GP25206@bombadil.infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
1 parent 429966b commit ec9c96e


1 file changed

+16
-12
lines changed

1 file changed

+16
-12
lines changed

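--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -156,9 +156,13 @@ static bool driver_filter(struct device *dev)
 return true;
 
 /* driver filter on and initialized */
-if (current_driver && dev->driver == current_driver)
+if (current_driver && dev && dev->driver == current_driver)
 return true;
 
+/* driver filter on, but we can't filter on a NULL device... */
+if (!dev)
+return false;
+
 if (current_driver || !current_driver_name[0])
 return false;
 
@@ -183,17 +187,17 @@ static bool driver_filter(struct device *dev)
 return ret;
 }
 
-#define err_printk(dev, entry, format, arg...) do { \
-error_count += 1; \
-if (driver_filter(dev) && \
-(show_all_errors || show_num_errors > 0)) { \
-WARN(1, "%s %s: " format, \
-dev_driver_string(dev), \
-dev_name(dev) , ## arg); \
-dump_entry_trace(entry); \
-} \
-if (!show_all_errors && show_num_errors > 0) \
-show_num_errors -= 1; \
+#define err_printk(dev, entry, format, arg...) do { \
+error_count += 1; \
+if (driver_filter(dev) && \
+(show_all_errors || show_num_errors > 0)) { \
+WARN(1, "%s %s: " format, \
+dev ? dev_driver_string(dev) : "NULL", \
+dev ? dev_name(dev) : "NULL", ## arg); \
+dump_entry_trace(entry); \
+} \
+if (!show_all_errors && show_num_errors > 0) \
+show_num_errors -= 1; \
 } while (0);
 
 /*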
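Review bot: In the rewritten `err_printk` macro the `dev` argument is now expanded four times and sits unparenthesized in front of `?`, so an argument containing a lower-precedence operator would parse differently than intended and one with side effects would be evaluated repeatedly. Parenthesizing it keeps the NULL guard meaning what it says whatever the caller passes: `(dev) ? dev_driver_string(dev) : "NULL", \` and `(dev) ? dev_name(dev) : "NULL", ## arg); \`. The call sites are outside these hunks, so whether any of them passes more than a plain pointer expression cannot be confirmed from here. Separately, the added `if (!dev) return false;` in `driver_filter` means that with a driver filter set, a NULL-device error still bumps `error_count` in `err_printk` but is never printed; extending the new comment to say so (for example `/* ... errors for a NULL device are counted but not shown while a filter is set */`) would help whoever later compares the counter with the log. `driver_filter`'s body begins and ends outside the first hunk.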
