On 08/03/2018 05:07 PM, Matthew Wilcox wrote:
> On Fri, Aug 03, 2018 at 02:43:07PM -0400, Tony Battersby wrote:
>> Out of curiosity, I just tried to create a dmapool with a NULL dev and
>> it crashed on this:
>>
>> static inline int dev_to_node(struct device *dev)
>> {
>> 	return dev->numa_node;
>> }
>>
>> struct dma_pool *dma_pool_create(const char *name, struct device *dev,
>> 				 size_t size, size_t align, size_t boundary)
>> {
>> 	...
>> 	retval = kmalloc_node(sizeof(*retval), GFP_KERNEL, dev_to_node(dev));
>> 	...
>> }
>>
>> So either it needs more special cases for supporting a NULL dev, or the
>> special cases can be removed since no one does that anyway.
> Actually, it's worse.  dev_to_node() works with a NULL dev ... unless
> CONFIG_NUMA is set.  So we're leaving a timebomb by pretending to
> allow it.  Let's just 'if (!dev) return NULL;' early in create.
>

Looking further down it does stuff with dev->dma_pools unconditionally
that doesn't depend on the config.  So it would blow up on non-NUMA
also.  So no timebomb, just an immediate kaboom.
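
The early NULL check suggested in the thread, shown as an added userspace model that is not part of the original message and is not kernel code. The struct layouts, `model_pool_create()`, `model_pool_destroy()` and the `MODEL_CONFIG_NUMA` macro are assumptions made for illustration; only `dev_to_node()`, `numa_node` and `dma_pools` are names taken from the discussion.

```c
/* Userspace model constructed for illustration; not kernel source. */
#include <stddef.h>
#include <stdlib.h>

struct dma_pool;
struct device {                      /* stand-in for the kernel's struct device */
	int numa_node;
	struct dma_pool *dma_pools;  /* per-device list of pools */
};
struct dma_pool {
	struct dma_pool *next;
	struct device *dev;
	size_t size;
};

/* Define MODEL_CONFIG_NUMA (hypothetical macro) for the dereferencing variant. */
#ifdef MODEL_CONFIG_NUMA
static int dev_to_node(struct device *dev) { return dev->numa_node; }
#else
static int dev_to_node(struct device *dev) { (void)dev; return -1; }
#endif

struct dma_pool *model_pool_create(struct device *dev, size_t size)
{
	struct dma_pool *pool;

	if (!dev)                    /* early check proposed in the thread */
		return NULL;
	(void)dev_to_node(dev);      /* the quoted code passes this to kmalloc_node() */
	pool = malloc(sizeof(*pool));
	if (!pool)
		return NULL;
	pool->dev = dev;
	pool->size = size;
	pool->next = dev->dma_pools; /* touches dev in every configuration */
	dev->dma_pools = pool;
	return pool;
}

void model_pool_destroy(struct dma_pool *pool)
{
	struct dma_pool **pp;

	if (!pool)
		return;
	for (pp = &pool->dev->dma_pools; *pp; pp = &(*pp)->next)
		if (*pp == pool) { *pp = pool->next; break; }
	free(pool);
}
```

Without the `if (!dev)` guard, the list insertion dereferences `dev` whether or not the NUMA variant of `dev_to_node()` is compiled in, which is the point made in the reply.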