mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	 f7f04d1983
			
		
	
	
		f7f04d1983
		
	
	
	
	
		
			
			sg_alloc_table_chained() is called by several drivers, but if it is called before sg_pool_init(), it results in a NULL pointer dereference in sg_pool_alloc(). Since commit9b1d6c8950("lib: scatterlist: move SG pool code from SCSI driver to lib/sg_pool.c"), we rely on module_init(sg_pool_init) is invoked before other module_init calls but this assumption is fragile. I slightly changed the link order while refactoring Kbuild, then uncovered this issue. I should keep the current link order, but depending on a specific call order among module_init is so fragile. We usually define the init order by specifying *_initcall correctly, or delay the driver probing by returning -EPROBE_DEFER. Change module_initcall() to subsys_initcall(), and also delete the pointless module_exit() because lib/sg_pool.c is always compiled as built-in. (CONFIG_SG_POOL is bool) Link: https://lore.kernel.org/all/20220921043946.GA1355561@roeck-us.net/ Link: https://lore.kernel.org/all/8e70837d-d859-dfb2-bf7f-83f8b31467bc@samsung.com/ Fixes:9b1d6c8950("lib: scatterlist: move SG pool code from SCSI driver to lib/sg_pool.c") Reported-by: Guenter Roeck <linux@roeck-us.net> Reported-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Robin Murphy <robin.murphy@arm.com> Tested-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
		
			
				
	
	
		
			181 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			181 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0-only
 | |
| #include <linux/init.h>
 | |
| #include <linux/scatterlist.h>
 | |
| #include <linux/mempool.h>
 | |
| #include <linux/slab.h>
 | |
| 
 | |
| #define SG_MEMPOOL_NR		ARRAY_SIZE(sg_pools)
 | |
| #define SG_MEMPOOL_SIZE		2
 | |
| 
 | |
| struct sg_pool {
 | |
| 	size_t		size;
 | |
| 	char		*name;
 | |
| 	struct kmem_cache	*slab;
 | |
| 	mempool_t	*pool;
 | |
| };
 | |
| 
 | |
| #define SP(x) { .size = x, "sgpool-" __stringify(x) }
 | |
| #if (SG_CHUNK_SIZE < 32)
 | |
| #error SG_CHUNK_SIZE is too small (must be 32 or greater)
 | |
| #endif
 | |
| static struct sg_pool sg_pools[] = {
 | |
| 	SP(8),
 | |
| 	SP(16),
 | |
| #if (SG_CHUNK_SIZE > 32)
 | |
| 	SP(32),
 | |
| #if (SG_CHUNK_SIZE > 64)
 | |
| 	SP(64),
 | |
| #if (SG_CHUNK_SIZE > 128)
 | |
| 	SP(128),
 | |
| #if (SG_CHUNK_SIZE > 256)
 | |
| #error SG_CHUNK_SIZE is too large (256 MAX)
 | |
| #endif
 | |
| #endif
 | |
| #endif
 | |
| #endif
 | |
| 	SP(SG_CHUNK_SIZE)
 | |
| };
 | |
| #undef SP
 | |
| 
 | |
| static inline unsigned int sg_pool_index(unsigned short nents)
 | |
| {
 | |
| 	unsigned int index;
 | |
| 
 | |
| 	BUG_ON(nents > SG_CHUNK_SIZE);
 | |
| 
 | |
| 	if (nents <= 8)
 | |
| 		index = 0;
 | |
| 	else
 | |
| 		index = get_count_order(nents) - 3;
 | |
| 
 | |
| 	return index;
 | |
| }
 | |
| 
 | |
| static void sg_pool_free(struct scatterlist *sgl, unsigned int nents)
 | |
| {
 | |
| 	struct sg_pool *sgp;
 | |
| 
 | |
| 	sgp = sg_pools + sg_pool_index(nents);
 | |
| 	mempool_free(sgl, sgp->pool);
 | |
| }
 | |
| 
 | |
| static struct scatterlist *sg_pool_alloc(unsigned int nents, gfp_t gfp_mask)
 | |
| {
 | |
| 	struct sg_pool *sgp;
 | |
| 
 | |
| 	sgp = sg_pools + sg_pool_index(nents);
 | |
| 	return mempool_alloc(sgp->pool, gfp_mask);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * sg_free_table_chained - Free a previously mapped sg table
 | |
|  * @table:	The sg table header to use
 | |
|  * @nents_first_chunk: size of the first_chunk SGL passed to
 | |
|  *		sg_alloc_table_chained
 | |
|  *
 | |
|  *  Description:
 | |
|  *    Free an sg table previously allocated and setup with
 | |
|  *    sg_alloc_table_chained().
 | |
|  *
 | |
|  *    @nents_first_chunk has to be same with that same parameter passed
 | |
|  *    to sg_alloc_table_chained().
 | |
|  *
 | |
|  **/
 | |
| void sg_free_table_chained(struct sg_table *table,
 | |
| 		unsigned nents_first_chunk)
 | |
| {
 | |
| 	if (table->orig_nents <= nents_first_chunk)
 | |
| 		return;
 | |
| 
 | |
| 	if (nents_first_chunk == 1)
 | |
| 		nents_first_chunk = 0;
 | |
| 
 | |
| 	__sg_free_table(table, SG_CHUNK_SIZE, nents_first_chunk, sg_pool_free,
 | |
| 			table->orig_nents);
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(sg_free_table_chained);
 | |
| 
 | |
| /**
 | |
|  * sg_alloc_table_chained - Allocate and chain SGLs in an sg table
 | |
|  * @table:	The sg table header to use
 | |
|  * @nents:	Number of entries in sg list
 | |
|  * @first_chunk: first SGL
 | |
|  * @nents_first_chunk: number of the SGL of @first_chunk
 | |
|  *
 | |
|  *  Description:
 | |
|  *    Allocate and chain SGLs in an sg table. If @nents@ is larger than
 | |
|  *    @nents_first_chunk a chained sg table will be setup. @first_chunk is
 | |
|  *    ignored if nents_first_chunk <= 1 because user expects the SGL points
 | |
|  *    non-chain SGL.
 | |
|  *
 | |
|  **/
 | |
| int sg_alloc_table_chained(struct sg_table *table, int nents,
 | |
| 		struct scatterlist *first_chunk, unsigned nents_first_chunk)
 | |
| {
 | |
| 	int ret;
 | |
| 
 | |
| 	BUG_ON(!nents);
 | |
| 
 | |
| 	if (first_chunk && nents_first_chunk) {
 | |
| 		if (nents <= nents_first_chunk) {
 | |
| 			table->nents = table->orig_nents = nents;
 | |
| 			sg_init_table(table->sgl, nents);
 | |
| 			return 0;
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	/* User supposes that the 1st SGL includes real entry */
 | |
| 	if (nents_first_chunk <= 1) {
 | |
| 		first_chunk = NULL;
 | |
| 		nents_first_chunk = 0;
 | |
| 	}
 | |
| 
 | |
| 	ret = __sg_alloc_table(table, nents, SG_CHUNK_SIZE,
 | |
| 			       first_chunk, nents_first_chunk,
 | |
| 			       GFP_ATOMIC, sg_pool_alloc);
 | |
| 	if (unlikely(ret))
 | |
| 		sg_free_table_chained(table, nents_first_chunk);
 | |
| 	return ret;
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(sg_alloc_table_chained);
 | |
| 
 | |
| static __init int sg_pool_init(void)
 | |
| {
 | |
| 	int i;
 | |
| 
 | |
| 	for (i = 0; i < SG_MEMPOOL_NR; i++) {
 | |
| 		struct sg_pool *sgp = sg_pools + i;
 | |
| 		int size = sgp->size * sizeof(struct scatterlist);
 | |
| 
 | |
| 		sgp->slab = kmem_cache_create(sgp->name, size, 0,
 | |
| 				SLAB_HWCACHE_ALIGN, NULL);
 | |
| 		if (!sgp->slab) {
 | |
| 			printk(KERN_ERR "SG_POOL: can't init sg slab %s\n",
 | |
| 					sgp->name);
 | |
| 			goto cleanup_sdb;
 | |
| 		}
 | |
| 
 | |
| 		sgp->pool = mempool_create_slab_pool(SG_MEMPOOL_SIZE,
 | |
| 						     sgp->slab);
 | |
| 		if (!sgp->pool) {
 | |
| 			printk(KERN_ERR "SG_POOL: can't init sg mempool %s\n",
 | |
| 					sgp->name);
 | |
| 			goto cleanup_sdb;
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	return 0;
 | |
| 
 | |
| cleanup_sdb:
 | |
| 	for (i = 0; i < SG_MEMPOOL_NR; i++) {
 | |
| 		struct sg_pool *sgp = sg_pools + i;
 | |
| 
 | |
| 		mempool_destroy(sgp->pool);
 | |
| 		kmem_cache_destroy(sgp->slab);
 | |
| 	}
 | |
| 
 | |
| 	return -ENOMEM;
 | |
| }
 | |
| 
 | |
| subsys_initcall(sg_pool_init);
 |