diff options
author | John Garry <john.garry@huawei.com> | 2021-12-13 13:10:48 +0300 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2021-12-14 07:19:58 +0300 |
commit | 2fe24343922e0428fb68674a4fae099171141bc7 (patch) | |
tree | 7f7880f0c678377df7559df37937ffce641fae6a /fs/char_dev.c | |
parent | 69002c8ce914ef0ae22a6ea14b43bb30b9a9a6a8 (diff) | |
download | linux-2fe24343922e0428fb68674a4fae099171141bc7.tar.xz |
scsi: pm8001: Fix phys_to_virt() usage on dma_addr_t
The driver supports a "direct" mode of operation, where the SMP req frame
is directly copied into the command payload (and vice-versa for the SMP
resp).
To get at the SMP req frame data in the scatterlist the driver uses
phys_to_virt() on the DMA mapped memory dma_addr_t . This is broken, and
subsequently crashes as follows when an IOMMU is enabled:
Unable to handle kernel paging request at virtual address
ffff0000fcebfb00
...
pc : pm80xx_chip_smp_req+0x2d0/0x3d0
lr : pm80xx_chip_smp_req+0xac/0x3d0
pm80xx_chip_smp_req+0x2d0/0x3d0
pm8001_task_exec.constprop.0+0x368/0x520
pm8001_queue_command+0x1c/0x30
smp_execute_task_sg+0xdc/0x204
sas_discover_expander.part.0+0xac/0x6cc
sas_discover_root_expander+0x8c/0x150
sas_discover_domain+0x3ac/0x6a0
process_one_work+0x1d0/0x354
worker_thread+0x13c/0x470
kthread+0x17c/0x190
ret_from_fork+0x10/0x20
Code: 371806e1 910006d6 6b16033f 54000249 (38766b05)
---[ end trace b91d59aaee98ea2d ]---
note: kworker/u192:0[7] exited with preempt_count 1
Instead use kmap_atomic().
--
Difference to v1:
- use kmap_atomic() in both locations
Difference to v2:
- add whitespace around arithmetic (Damien)
Link: https://lore.kernel.org/r/1639390248-213603-1-git-send-email-john.garry@huawei.com
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'fs/char_dev.c')
0 files changed, 0 insertions, 0 deletions