Re: [PATCH] iommu/iova: Add NULL check in iova_magazine_free()

Next message: Jan Kara: "Re: [PATCH v2 1/1] jbd2: gracefully abort on checkpointing state corruptions"
Previous message: Paolo Abeni: "Re: [PATCH net-next v3 2/3] net: macb: add safeguards for jumbo frame larger than 10240"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jörg Rödel

Date: Tue Mar 17 2026 - 08:31:00 EST

On Sat, Feb 14, 2026 at 08:09:19AM +0000, Lynn Liu wrote:
> From: lynn <liulynn@xxxxxxxxxx>
>
> When iova_domain_init_rcaches() fails to allocate an iova_magazine
> during the initialization of per-cpu rcaches, it jumps to out_err and
> calls free_iova_rcaches() for cleanup.
>
> In free_iova_rcaches(), the code iterates through all possible CPUs to
> free both cpu_rcache->loaded and cpu_rcache->prev. However, if the
> original allocation failed mid-way through the CPU loop, the pointers
> for the remaining CPUs remain NULL.
>
> Since kmem_cache_free() does not explicitly handle NULL pointers like
> kfree() does, passing these NULL pointers leads to a kernel paging
> request fault.
>
> Add a NULL check in iova_magazine_free() to safely handle partially
> initialized rcaches in error paths.
>
> Signed-off-by: lynn <liulynn@xxxxxxxxxx>
> ---
> drivers/iommu/iova.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

Applied, thanks.