diff options
| author | lynn <liulynn@google.com> | 2026-02-14 11:09:19 +0300 |
|---|---|---|
| committer | Joerg Roedel <joerg.roedel@amd.com> | 2026-03-17 15:28:37 +0300 |
| commit | fa8fb60d36375ca3166a60589a624f0d0bc9ddb5 (patch) | |
| tree | 646d6ae17b6c0d929eb4934e31eb13197a46648b | |
| parent | 199036ae01321651fe0e4488f9e19a28af4c5f1d (diff) | |
| download | linux-fa8fb60d36375ca3166a60589a624f0d0bc9ddb5.tar.xz | |
iommu/iova: Add NULL check in iova_magazine_free()
When iova_domain_init_rcaches() fails to allocate an iova_magazine
during the initialization of per-cpu rcaches, it jumps to out_err and
calls free_iova_rcaches() for cleanup.
In free_iova_rcaches(), the code iterates through all possible CPUs to
free both cpu_rcache->loaded and cpu_rcache->prev. However, if the
original allocation failed mid-way through the CPU loop, the pointers
for the remaining CPUs remain NULL.
Since kmem_cache_free() does not explicitly handle NULL pointers like
kfree() does, passing these NULL pointers leads to a kernel paging
request fault.
Add a NULL check in iova_magazine_free() to safely handle partially
initialized rcaches in error paths.
Signed-off-by: lynn <liulynn@google.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
| -rw-r--r-- | drivers/iommu/iova.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c index f9cd18316d16..021daf6528de 100644 --- a/drivers/iommu/iova.c +++ b/drivers/iommu/iova.c @@ -611,7 +611,8 @@ static struct iova_magazine *iova_magazine_alloc(gfp_t flags) static void iova_magazine_free(struct iova_magazine *mag) { - kmem_cache_free(iova_magazine_cache, mag); + if (mag) + kmem_cache_free(iova_magazine_cache, mag); } static void |