From nobody Wed Sep 6 14:38:25 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RglNd3sD1z4rpFF; Wed, 6 Sep 2023 14:38:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RglNd32Hpz4LvN; Wed, 6 Sep 2023 14:38:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694011105; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ra0Mq7/tIuNuAXjy9I5bO2ZaClSE5j8fPkRX0bpQsRg=; b=NQ29DgQwQYsSFwczwhxsrrU3AOxvBp4u7HNq6sL8pxf18/7Sn3I/kSSZ3lONHkUVU+3ds9 /nRLmaOTSVoUq1YcbUkxxWMvGI3UVJr9+xh/HH9XNPsRiTkcG0zvb1LcYJAcsuIFmURbHq RUEadbZolWSPuAdfaBo6xavQip2UGr+ULHtOV4P2zYqaICoj16M2ddPqZkWgKhpKAVD01b r+z5x1LCo7Nqn+RQ4rerFSWim3uovSXdu8kjVbIbTqMRKiHRREO0It72P5Xk2pR5FiK2Xg i/z3hjpBFLn30PxBxNON4CHiMXw3tvz/HzqM4aXk6sO1yBBB1yQX8WTcPVWaUg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694011105; a=rsa-sha256; cv=none; b=LjJtmzPPUgUwnLuWOPw/Dv1pQW/HqJu/NN+rY6UbG41BnXFrhCahfDB590tfRsvDQduJNP f5VqIjkeN0JPv5Sn5tnoYY2TnRQIeuEaAUErtBPoT2YgJctr452zEncS8/dyCG7WgLuvd/ NYw5n+A7DIsO7iKA8f+aQFyROv9vjE+Xgmv3YHHLsrh0AOiYxq2CL1RlvJ6HSsTuUZBdRZ eNWp4ryOPOQfDiw12q/OcOYmx9Ai281bdlV+cd1NBlcT7e9e9SNN9WG/3H1VwJVS9jSiay Js5sa6sZ9wxBRdRwX9t+V7+hLr/E3BhhZ8lWrD05vT2rF8gC8tlp05yRLVTDXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694011105; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ra0Mq7/tIuNuAXjy9I5bO2ZaClSE5j8fPkRX0bpQsRg=; b=G+eMeTx+oRwLlYEU8VxP5pXxUnPWAX9jog0kk+7dMx8Oxf6yO9qr4tPPteZtHHBx49LgOm sRjhBxhQPUuQG5I4+60HcZJBIfYVCCd9h0kcKr/VKIAYuvVg65J1cg+VFVKWlYEto2SCrF stqSf82FWad/zhE9sp2poQDJXxOjvVcyuaIvx3GHfNTDlnKjhh8xYBYnjaV1yZYPwLOR2P AGZ9iwKT3bEATCc8Qvxz38Gpn7CfwAjRjotvI5h+aLu4X7btHXUxmez4mRMph/3AqOnyD2 eQ0aoIrfGRZR0dXL//qX9GAS4vrgy4k3T6mB7U7B6AW9HZshD28YoUQbNxm2gw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RglNd261Wz4nR; Wed, 6 Sep 2023 14:38:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 386EcP5X086282; Wed, 6 Sep 2023 14:38:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 386EcPev086279; Wed, 6 Sep 2023 14:38:25 GMT (envelope-from git) Date: Wed, 6 Sep 2023 14:38:25 GMT Message-Id: <202309061438.386EcPev086279@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: 09b0401e91a9 - main - linuxkpi: fix iteration in __sg_alloc_table_from_pages List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 09b0401e91a92bcb58ea1873857b42f8211f660f Auto-Submitted: auto-generated The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=09b0401e91a92bcb58ea1873857b42f8211f660f commit 09b0401e91a92bcb58ea1873857b42f8211f660f Author: Austin Shafer AuthorDate: 2023-09-06 14:08:05 +0000 Commit: Bjoern A. Zeeb CommitDate: 2023-09-06 14:37:12 +0000 linuxkpi: fix iteration in __sg_alloc_table_from_pages Commit 3f686532c9b4 tried to fix an issue with not properly starting at the first page in the sg list to prevent a panic. This worked but with the side effect of incrementing "s" during the final iteration causing it to be NULL since the list had ended. In cases non-DEBUG kernels this causes a panic with drm-5.15, since "s" is NULL when we later pass it to sg_mark_end(). This change decouples the iteration sg from the return value so that it is never incremented past the final page in the chain. MFC after: 3 days Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D41574 --- sys/compat/linuxkpi/common/include/linux/scatterlist.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sys/compat/linuxkpi/common/include/linux/scatterlist.h b/sys/compat/linuxkpi/common/include/linux/scatterlist.h index 0e4cc90e57a5..e462d5c649f1 100644 --- a/sys/compat/linuxkpi/common/include/linux/scatterlist.h +++ b/sys/compat/linuxkpi/common/include/linux/scatterlist.h @@ -343,7 +343,7 @@ __sg_alloc_table_from_pages(struct sg_table *sgt, { unsigned int i, segs, cur, len; int rc; - struct scatterlist *s; + struct scatterlist *s, *sg_iter; #if defined(LINUXKPI_VERSION) && LINUXKPI_VERSION >= 51300 if (prv != NULL) { @@ -377,10 +377,18 @@ __sg_alloc_table_from_pages(struct sg_table *sgt, #endif cur = 0; - for (i = 0, s = sgt->sgl; i < sgt->orig_nents; i++) { + for_each_sg(sgt->sgl, sg_iter, sgt->orig_nents, i) { unsigned long seg_size; unsigned int j; + /* + * We need to make sure that when we exit this loop "s" has the + * last sg in the chain so we can call sg_mark_end() on it. + * Only set this inside the loop since sg_iter will be iterated + * until it is NULL. + */ + s = sg_iter; + len = 0; for (j = cur + 1; j < count; ++j) { len += PAGE_SIZE; @@ -394,8 +402,6 @@ __sg_alloc_table_from_pages(struct sg_table *sgt, size -= seg_size; off = 0; cur = j; - - s = sg_next(s); } KASSERT(s != NULL, ("s is NULL after loop in __sg_alloc_table_from_pages()"));