PCIe oops for NULL pointer dereference during next-20170807 and next-20170815

Commit Message

Marc Zyngier Aug. 17, 2017, 8:21 a.m. UTC

On 17/08/17 08:58, Joerg Roedel wrote:
> On Thu, Aug 17, 2017 at 03:02:31PM +0800, Shawn Lin wrote:
>> So should we revert this commit or maybe we could add some checking
>> into gic-v2m and gic-v3-its to see if the dev is iommu-capable? If not,
>> we should create another routine to map MSI msg.
> 
> Yes, fixing this in gic code is the right approach. I usually don't
> revert patches to hide problems somewhere else.
Here's what it would look like:


I'm not convinced  that playing with the group refcount in an irqchip
is the right approach...

Thanks,

	M.

Patch

diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index b47097a3e4b4..5e81ad62c801 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -1125,6 +1125,8 @@  static void its_irq_compose_msi_msg(struct irq_data *d, struct msi_msg *msg)
 {
 	struct its_device *its_dev = irq_data_get_irq_chip_data(d);
 	struct its_node *its;
+	struct iommu_group *group;
+	struct device *dev;
 	u64 addr;
 
 	its = its_dev->its;
@@ -1134,7 +1136,12 @@  static void its_irq_compose_msi_msg(struct irq_data *d, struct msi_msg *msg)
 	msg->address_hi		= upper_32_bits(addr);
 	msg->data		= its_get_event_id(d);
 
-	iommu_dma_map_msi_msg(d->irq, msg);
+	dev = msi_desc_to_dev(irq_get_msi_desc(d->irq));
+	group = iommu_group_get(dev);
+	if (group) {
+		iommu_dma_map_msi_msg(d->irq, msg);
+		iommu_group_put(group);
+	}
 }
 
 static int its_irq_set_irqchip_state(struct irq_data *d,