On Wed, Feb 01, 2023 at 04:26:42PM +0000, Dr. David Alan Gilbert wrote:
> f5ff79fddf0efecca538046b5cc20fb3ded2ec4f is the first bad commit
> commit f5ff79fddf0efecca538046b5cc20fb3ded2ec4f
> Author: Christoph Hellwig <hch@xxxxxx>
> Date:   Sat Feb 26 16:40:21 2022 +0100
>
>     dma-mapping: remove CONFIG_DMA_REMAP

Which just enabled some code on common x86 configs that was already used
on many other platforms.  In other words: the code already was buggy,
but got away with it on x86 so far as no one tested on e.g. arm or arm64.

The bug is in videobuf_dma_init_kernel:

    for (i = 0; i < nr_pages; i++) {
        void *addr;

        addr = dma_alloc_coherent(dma->dev, PAGE_SIZE,
                                  &(dma->dma_addr[i]), GFP_KERNEL);
        if (addr == NULL)
            goto out_free_pages;

        dma->vaddr_pages[i] = virt_to_page(addr);
    }
    dma->vaddr = vmap(dma->vaddr_pages, nr_pages, VM_MAP | VM_IOREMAP,
                      PAGE_KERNEL);

The address returned by dma_alloc_coherent is just a kernel virtual address,
and virt_to_page must not be used on it as it could be vmalloc (as in
this case) or various other really odd forms of memory.
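
Added example, not part of the original message or of the kernel source: a userspace C model of why the arithmetic behind virt_to_page yields a wrong page for a remapped (vmalloc-style) address, while a lookup through the mapping yields the right one. The address layout, constants and function names are assumptions made for the model.

```c
/* Userspace model, constructed for illustration: every name and constant
 * below is hypothetical; none of this is kernel code. */
#include <stdint.h>

#define PAGE_SHIFT    12
#define NR_PHYS_PAGES 16              /* frames covered by the direct map */
#define DIRECT_BASE   0x100000000ULL  /* models the linear (direct) mapping */
#define REMAP_BASE    0x200000000ULL  /* models the vmalloc/remap area */
#define NR_REMAP      8

/* Models the page tables behind the remap area: slot -> frame number. */
static int64_t remap_pfn[NR_REMAP] = { -1, -1, -1, -1, -1, -1, -1, -1 };

/* Models an allocator that may return either kind of virtual address. */
static uint64_t model_alloc(int64_t pfn, int remapped, unsigned slot)
{
    if (!remapped)
        return DIRECT_BASE + ((uint64_t)pfn << PAGE_SHIFT);
    remap_pfn[slot] = pfn;
    return REMAP_BASE + ((uint64_t)slot << PAGE_SHIFT);
}

/* Models virt_to_page(): pure arithmetic, never consults a mapping. */
static int64_t naive_virt_to_pfn(uint64_t va)
{
    return (int64_t)((va - DIRECT_BASE) >> PAGE_SHIFT);
}

/* Models a lookup that walks the mapping, as vmalloc_to_page() does. */
static int64_t remap_to_pfn(uint64_t va)
{
    uint64_t slot = (va - REMAP_BASE) >> PAGE_SHIFT;

    if (va < REMAP_BASE || slot >= NR_REMAP)
        return -1;
    return remap_pfn[slot];
}

/* Conversion that picks the right lookup and rejects anything else. */
static int64_t checked_virt_to_pfn(uint64_t va)
{
    int64_t pfn = remap_to_pfn(va);

    if (pfn >= 0)
        return pfn;
    pfn = naive_virt_to_pfn(va);
    return (va >= DIRECT_BASE && pfn < NR_PHYS_PAGES) ? pfn : -1;
}
```

In the model, the same frame reached through a remapped address converts to a frame number far outside the 16 modelled frames under the naive arithmetic, which is the silent miscalculation the message describes.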