etnaviv_iommuv2_dump_size(..) returns the number of PTE * SZ_4K but etnaviv_iommuv2_dump(..) increments buf pointer even if there is no PTE. This results in a bad buf pointer which gets used for memcpy(..). [ 264.408474] 8<--- cut here --- [ 264.412048] Unable to handle kernel paging request at virtual address f1a2c268 [ 264.419321] pgd = e5846004 [ 264.422069] [f1a2c268] *pgd=00000000 [ 264.425702] Internal error: Oops: 805 [#1] SMP ARM [ 264.430520] Modules linked in: [ 264.433616] CPU: 2 PID: 130 Comm: kworker/2:2 Tainted: G W 5.4.0-rc4 #10 [ 264.441643] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) [ 264.448227] Workqueue: events drm_sched_job_timedout [ 264.453237] PC is at memcpy+0x50/0x330 [ 264.457012] LR is at 0x2 [ 264.459572] pc : [<c0c04650>] lr : [<00000002>] psr: 200f0013 [ 264.465863] sp : ec96fe64 ip : 00000002 fp : 00000140 [ 264.471112] r10: 00003000 r9 : ec688040 r8 : 00000002 [ 264.476364] r7 : 00000002 r6 : 00000002 r5 : 00000002 r4 : 00000002 [ 264.482917] r3 : 00000002 r2 : 00000f60 r1 : f162a020 r0 : f1a2c268 [ 264.489472] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 264.496635] Control: 10c5387d Table: 3d26804a DAC: 00000051 [ 264.502407] Process kworker/2:2 (pid: 130, stack limit = 0xe8f69f3d) [ 264.508786] Stack: (0xec96fe64 to 0xec970000) [ 264.513180] fe60: f1622000 f162218c f162c000 414e5445 f1a2c268 00000ffc c0655a8c [ 264.521394] fe80: 00000000 0000012a f162c268 c064fd78 c0657350 c0187f64 00000001 00000000 [ 264.529606] fea0: ed0f9c00 00000001 00000002 435d587d ec688140 ec688100 ed0f9c00 ec688040 [ 264.537818] fec0: ed0f9c00 c1308b28 ec96ff1c c13e55b0 c13e41c8 c0657358 ec688260 ed0f9c18 [ 264.546029] fee0: ec688100 c0641278 ec688260 ec2f6180 ee1ba700 ee1bda00 c1308b28 c0149b98 [ 264.554240] ff00: 00000001 00000000 c0149ae4 c0c21fb0 00000000 00000000 c014a194 c1a4be34 [ 264.562452] ff20: c1870740 00000000 c1015384 435d587d ffffe000 ec2f6180 ec2f6194 ee1ba700 [ 264.570663] ff40: 00000008 ee1ba734 c1305900 
ee1ba700 ffffe000 c014a0e4 ec9537a4 c0c28e64 [ 264.578874] ff60: ec96e000 00000000 ec2be780 ec2f99c0 ec96e000 ec2f6180 c014a0b8 ec13fe90 [ 264.587086] ff80: ec2be7b8 c0152890 ec96e000 ec2f99c0 c0152750 00000000 00000000 00000000 [ 264.595296] ffa0: 00000000 00000000 00000000 c01010b4 00000000 00000000 00000000 00000000 [ 264.603506] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 264.611716] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 264.619944] [<c0c04650>] (memcpy) from [<c0655a8c>] (etnaviv_iommuv2_dump+0x58/0x60) [ 264.627738] [<c0655a8c>] (etnaviv_iommuv2_dump) from [<c064fd78>] (etnaviv_core_dump+0x140/0x45c) [ 264.636658] [<c064fd78>] (etnaviv_core_dump) from [<c0657358>] (etnaviv_sched_timedout_job+0x8c/0xb8) [ 264.645923] [<c0657358>] (etnaviv_sched_timedout_job) from [<c0641278>] (drm_sched_job_timedout+0x38/0x88) [ 264.655631] [<c0641278>] (drm_sched_job_timedout) from [<c0149b98>] (process_one_work+0x2c4/0x7e4) [ 264.664633] [<c0149b98>] (process_one_work) from [<c014a0e4>] (worker_thread+0x2c/0x59c) [ 264.672765] [<c014a0e4>] (worker_thread) from [<c0152890>] (kthread+0x140/0x158) [ 264.680200] [<c0152890>] (kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20) [ 264.687448] Exception stack(0xec96ffb0 to 0xec96fff8) [ 264.692530] ffa0: 00000000 00000000 00000000 00000000 [ 264.700741] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 264.708949] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 264.715599] Code: f5d1f05c f5d1f07c e8b151f8 e2522020 (e8a051f8) [ 264.721727] ---[ end trace 8afcd79e9e2725b3 ]--- Fixes: afb7b3b1deb4 ("drm/etnaviv: implement IOMMUv2 translation") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Christian Gmeiner <christian.gmeiner@xxxxxxxxx> --- drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c b/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
index 043111a1d60c..f8bf488e9d71 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
@@ -155,9 +155,11 @@ static void etnaviv_iommuv2_dump(struct etnaviv_iommu_context *context, void *bu
 memcpy(buf, v2_context->mtlb_cpu, SZ_4K);
 buf += SZ_4K;
 
- for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++, buf += SZ_4K)
- if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT)
+ for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++)
+ if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT) {
 memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);
+ buf += SZ_4K;
+ }
 }
 
 static void etnaviv_iommuv2_restore_nonsec(struct etnaviv_gpu *gpu,
-- 
2.23.0
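Review bot: The rewritten loop in etnaviv_iommuv2_dump() still writes through `buf` with no bound of its own. Its safety rests entirely on etnaviv_iommuv2_dump_size() having counted exactly the same set of MMUv2_PTE_PRESENT entries, and nothing in the hunk records that coupling. I would state it above the loop, e.g. `/* Must mirror etnaviv_iommuv2_dump_size(): only present STLBs consume SZ_4K of buf. */`, so a later change to either walk does not reintroduce the out-of-bounds memcpy shown in the oops. Whether an STLB can become present between sizing and dumping is not visible here, because the function body starts outside the hunk; if it can, the caller's locking should be checked. As a style point, the `for` now contains a braced multi-line `if`, so kernel style would give the `for` its own braces as well.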