[PATCH] firewire: ohci: initialize page array to use alloc_pages_bulk() correctly
From: Takashi Sakamoto
Date: Fri Feb 27 2026 - 21:56:03 EST
The call of alloc_pages_bulk() skips filling entries of the page array when
the entries already have values. However, the 1394 OHCI PCI driver passes the
page array without initializing it. This could cause an invalid state at PFN
validation in vmap().
Fixes: f2ae92780ab9 ("firewire: ohci: split page allocation from dma mapping")
Reported-by: John Ogness <john.ogness@xxxxxxxxxxxxx>
Closes: https://lore.kernel.org/lkml/87tsv1vig5.fsf@xxxxxxxxxxxxxxxxxxxxx/
Signed-off-by: Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx>
---
drivers/firewire/ohci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
index 1c868c1e..8153d62c 100644
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -848,7 +848,7 @@ static int ar_context_init(struct ar_context *ctx, struct fw_ohci *ohci,
{
struct device *dev = ohci->card.device;
unsigned int i;
- struct page *pages[AR_BUFFERS + AR_WRAPAROUND_PAGES];
+ struct page *pages[AR_BUFFERS + AR_WRAPAROUND_PAGES] = { NULL };
dma_addr_t dma_addrs[AR_BUFFERS];
void *vaddr;
struct descriptor *d;
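Review bot: the new `= { NULL }` initializer on `pages[]` carries no comment saying why it is required, so a later cleanup could drop it as redundant. A one-line comment above the declaration noting that alloc_pages_bulk() only fills NULL entries, as the commit message states, would protect it. The empty-brace form `= { }` would also say "zero the whole array" more directly than naming only the first element. Separately, the neighbouring `dma_addrs[AR_BUFFERS]` stays uninitialized; it is worth confirming that the error path never reads an entry that was not yet mapped, since the reported trace faults in release_pages() called from ar_context_init().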
--
2.51.0
===== 8<- -----
Thanks
Takashi Sakamoto
On Sat, Feb 28, 2026 at 01:13:54AM +0106, John Ogness wrote:
> Hi,
>
> With 7.0.0-rc1 I am seeing 2 warnings and a crash when loading the
> firewire-ohci module.
>
> I will not have time to debug this for a couple weeks. But maybe it is
> already obvious to some of the firewire folks.
>
> This is a ppc64be machine (4k pages).
>
> John Ogness
>
> Following is the kernel log when running:
>
> # insmod ./firewire-ohci.ko
>
> [ 71.072914][ T1781] firewire_ohci 0001:03:0e.0: enabling device (0000 -> 0002)
> [ 71.075242][ T1781] ------------[ cut here ]------------
> [ 71.075439][ T1781] WARNING: [] mm/vmalloc.c:554 at .vmap_small_pages_range_noflush+0x354/0x558, CPU#0: insmod/1781
> [ 71.075696][ T1781] Modules linked in: firewire_ohci(+) firewire_core netconsole 8021q garp stp mrp llc nouveau drm_ttm_helper ttm gpu_sched drm_client_lib i2c_algo_bit drm_display_helper drm_kms_helper drm_gpuvm drm_exec drm drm_panel_orientation_quirks windfarm_smu_sat binfmt_misc b43 rng_core cordic bcma mac80211 libarc4 windfarm_cpufreq_clamp cfg80211 snd_aoa_codec_tas snd_aoa_fabric_layout windfarm_pm72 snd_aoa windfarm_pid rfkill windfarm_max6690_sensor windfarm_fcu_controls windfarm_ad7417_sensor windfarm_lm75_sensor windfarm_core snd_aoa_i2sbus snd_aoa_soundbus snd_pcm joydev mousedev snd_timer mac_hid ssb snd soundcore rack_meter mmc_core uninorth_agp agpgart
> [ 71.094003][ T1781] CPU: 0 UID: 0 PID: 1781 Comm: insmod Not tainted 7.0.0-rc1 #2 PREEMPT
> [ 71.097990][ T1781] Hardware name: PowerMac7,2 PPC970 0x390202 PowerMac
> [ 71.102043][ T1781] NIP: c00000000052e074 LR: c00000000052e128 CTR: c00000000bd7c880
> [ 71.106208][ T1781] REGS: c00000000dee6a10 TRAP: 0700 Not tainted (7.0.0-rc1)
> [ 71.110505][ T1781] MSR: 900000000202b032 <SF,HV,VEC,EE,FP,ME,IR,DR,RI> CR: 84008448 XER: 20000000
> [ 71.115002][ T1781] IRQMASK: 0
> [ 71.115002][ T1781] GPR00: c00000000052e128 c00000000dee6cb0 c000000001b7f100 ffffff04002a72e6
> [ 71.115002][ T1781] GPR04: c00000000052e128 c0003d00015eafff ffffffffffffffff ffffffffffffffff
> [ 71.115002][ T1781] GPR08: 0000000000000000 000fff04002a72e6 0000000000000000 0000000000000003
> [ 71.115002][ T1781] GPR12: 0000000024008442 c000000003ca5000 c0003d00015e1000 c00000000a9cb988
> [ 71.115002][ T1781] GPR16: c000000002da2dc0 c00000000c7eaf08 c00000000dee6f48 ee1fffffffffffbf
> [ 71.115002][ T1781] GPR20: c000000004042000 800000000000018e c000000002b82d80 c0003d00015eb000
> [ 71.115002][ T1781] GPR24: c000000002da2e58 0000000000000001 0000000000000001 c0003d00015eafff
> [ 71.115002][ T1781] GPR28: c00000000a415b80 0000000000000000 c0003d00015eb000 c00000000403f050
> [ 71.156263][ T1781] NIP [c00000000052e074] .vmap_small_pages_range_noflush+0x354/0x558
> [ 71.160879][ T1781] LR [c00000000052e128] .vmap_small_pages_range_noflush+0x408/0x558
> [ 71.165656][ T1781] Call Trace:
> [ 71.170546][ T1781] [c00000000dee6cb0] [c00000000052e128] .vmap_small_pages_range_noflush+0x408/0x558 (unreliable)
> [ 71.175967][ T1781] [c00000000dee6de0] [c0000000005357d0] .vmap+0xd4/0x1a8
> [ 71.181890][ T1781] [c00000000dee6e90] [c0003d00010f1e64] .ar_context_init+0xfc/0x38c [firewire_ohci]
> [ 71.187978][ T1781] [c00000000dee6fe0] [c0003d00010f5378] .pci_probe+0x25c/0x8c0 [firewire_ohci]
> [ 71.194098][ T1781] [c00000000dee70b0] [c000000000c6ad64] .pci_device_probe+0x108/0x26c
> [ 71.200284][ T1781] [c00000000dee7140] [c000000000d5ecc8] .really_probe+0x110/0x564
> [ 71.206420][ T1781] [c00000000dee71e0] [c000000000d5f1c8] .__driver_probe_device+0xac/0x1ec
> [ 71.212222][ T1781] [c00000000dee7270] [c000000000d5f468] .driver_probe_device+0x5c/0x120
> [ 71.217586][ T1781] [c00000000dee7300] [c000000000d5f928] .__driver_attach+0x1e8/0x384
> [ 71.222495][ T1781] [c00000000dee7390] [c000000000d5b3c8] .bus_for_each_dev+0xac/0x12c
> [ 71.227382][ T1781] [c00000000dee7440] [c000000000d5e274] .driver_attach+0x34/0x4c
> [ 71.232111][ T1781] [c00000000dee74c0] [c000000000d5d5b8] .bus_add_driver+0x2a0/0x334
> [ 71.236656][ T1781] [c00000000dee7560] [c000000000d60d8c] .driver_register+0x84/0x1b8
> [ 71.241063][ T1781] [c00000000dee75e0] [c000000000c698e4] .__pci_register_driver+0x8c/0xac
> [ 71.245385][ T1781] [c00000000dee7670] [c0003d00010f6ea4] .fw_ohci_init+0x30/0x44 [firewire_ohci]
> [ 71.249706][ T1781] [c00000000dee76e0] [c00000000000ef58] .do_one_initcall+0x8c/0x5d4
> [ 71.254172][ T1781] [c00000000dee77e0] [c00000000021aae4] .do_init_module+0x70/0x33c
> [ 71.258857][ T1781] [c00000000dee7870] [c00000000021de5c] .init_module_from_file+0x110/0x134
> [ 71.263662][ T1781] [c00000000dee79a0] [c00000000021e0ec] .idempotent_init_module+0x26c/0x34c
> [ 71.268466][ T1781] [c00000000dee7af0] [c00000000021e270] .__se_sys_finit_module+0xa4/0x188
> [ 71.273142][ T1781] [c00000000dee7ba0] [c00000000002b73c] .system_call_exception+0x16c/0x280
> [ 71.277757][ T1781] [c00000000dee7e10] [c00000000000b754] system_call_common+0xf4/0x258
> [ 71.282285][ T1781] ---- interrupt: c00 at 0x3fff90945174
> [ 71.286856][ T1781] NIP: 00003fff90945174 LR: 0000000117b6d338 CTR: 0000000000000000
> [ 71.291455][ T1781] REGS: c00000000dee7e80 TRAP: 0c00 Not tainted (7.0.0-rc1)
> [ 71.296087][ T1781] MSR: 900000000200f032 <SF,HV,VEC,EE,PR,FP,ME,IR,DR,RI> CR: 20000202 XER: 00000000
> [ 71.300895][ T1781] IRQMASK: 0
> [ 71.300895][ T1781] GPR00: 0000000000000161 00003ffff63304b0 00003fff909f0e00 0000000000000003
> [ 71.300895][ T1781] GPR04: 0000000117b7a6f8 0000000000000000 0000000000000000 0000000000000000
> [ 71.300895][ T1781] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 71.300895][ T1781] GPR12: 0000000000000000 00003fff909f2d28 0000000000000000 0000000000000000
> [ 71.300895][ T1781] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000080000000
> [ 71.300895][ T1781] GPR20: 0000000000000001 0000000000000000 0000000000000000 00003ffff63317c4
> [ 71.300895][ T1781] GPR24: 00003ffff6330800 0000000117b7b788 00003fff907ee870 0000000117b7a6f8
> [ 71.300895][ T1781] GPR28: 0000000000000000 0000000000000000 00003fff907eef50 00003ffff63304b0
> [ 71.339126][ T1781] NIP [00003fff90945174] 0x3fff90945174
> [ 71.342757][ T1781] LR [0000000117b6d338] 0x117b6d338
> [ 71.346372][ T1781] ---- interrupt: c00
> [ 71.349938][ T1781] Code: 7929d182 0b090000 2c2f0000 4182ffd0 3d220122 3a093cc0 e9300000 7d297850 7d233674 7929d302 7c234800 41820010 <0fe00000> 4bfff661 4bffffb4 4bfff969
> [ 71.357572][ T1781] irq event stamp: 0
> [ 71.361401][ T1781] hardirqs last enabled at (0): [<0000000000000000>] 0x0
> [ 71.365343][ T1781] hardirqs last disabled at (0): [<c0000000000e938c>] .copy_process+0x9e4/0x2128
> [ 71.369291][ T1781] softirqs last enabled at (0): [<c0000000000e938c>] .copy_process+0x9e4/0x2128
> [ 71.373188][ T1781] softirqs last disabled at (0): [<0000000000000000>] 0x0
> [ 71.377087][ T1781] ---[ end trace 0000000000000000 ]---
> [ 71.393853][ T1781] ------------[ cut here ]------------
> [ 71.397878][ T1781] WARNING: [(unsigned long)v & mask] include/linux/instrumented.h:67 at .folios_put_refs+0x118/0x248, CPU#1: insmod/1781
> [ 71.406168][ T1781] Modules linked in: firewire_ohci(+) firewire_core netconsole 8021q garp stp mrp llc nouveau drm_ttm_helper ttm gpu_sched drm_client_lib i2c_algo_bit drm_display_helper drm_kms_helper drm_gpuvm drm_exec drm drm_panel_orientation_quirks windfarm_smu_sat binfmt_misc b43 rng_core cordic bcma mac80211 libarc4 windfarm_cpufreq_clamp cfg80211 snd_aoa_codec_tas snd_aoa_fabric_layout windfarm_pm72 snd_aoa windfarm_pid rfkill windfarm_max6690_sensor windfarm_fcu_controls windfarm_ad7417_sensor windfarm_lm75_sensor windfarm_core snd_aoa_i2sbus snd_aoa_soundbus snd_pcm joydev mousedev snd_timer mac_hid ssb snd soundcore rack_meter mmc_core uninorth_agp agpgart
> [ 71.433394][ T1781] CPU: 1 UID: 0 PID: 1781 Comm: insmod Tainted: G W 7.0.0-rc1 #2 PREEMPT
> [ 71.437972][ T1781] Tainted: [W]=WARN
> [ 71.442535][ T1781] Hardware name: PowerMac7,2 PPC970 0x390202 PowerMac
> [ 71.447736][ T1781] NIP: c0000000004a64a4 LR: c0000000004a69ec CTR: c0000000004a688c
> [ 71.453273][ T1781] REGS: c00000000dee6910 TRAP: 0700 Tainted: G W (7.0.0-rc1)
> [ 71.459350][ T1781] MSR: 900000000202b032 <SF,HV,VEC,EE,FP,ME,IR,DR,RI> CR: 44008842 XER: 20000000
> [ 71.465678][ T1781] IRQMASK: 0
> [ 71.465678][ T1781] GPR00: c0000000004a69ec c00000000dee6bb0 c000000001b7f100 c00000000dee6d68
> [ 71.465678][ T1781] GPR04: c00000000dee6cec c00000000dee6e70 c000000007295238 0000000000000007
> [ 71.465678][ T1781] GPR08: 0000000000000000 0000000000000001 0000a2f612000042 c0003d00010f7508
> [ 71.465678][ T1781] GPR12: 0000000044008842 c00000000ffff700 0000000000000000 0000000000000000
> [ 71.465678][ T1781] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000080000000
> [ 71.465678][ T1781] GPR20: 0000000000000001 0000000000000000 0000000000000000 c0000000038b1bb0
> [ 71.465678][ T1781] GPR24: 0000000000000000 c0003d000126a348 c00000000dee6cec 0000000000000000
> [ 71.465678][ T1781] GPR28: c00000000dee6d68 ffffffff815f0997 0000000000000006 0000a2f61200000e
> [ 71.521625][ T1781] NIP [c0000000004a64a4] .folios_put_refs+0x118/0x248
> [ 71.526860][ T1781] LR [c0000000004a69ec] .release_pages+0x160/0x17c
> [ 71.531889][ T1781] Call Trace:
> [ 71.536976][ T1781] [c00000000dee6bb0] [c0000001ff9b2808] 0xc0000001ff9b2808 (unreliable)
> [ 71.542101][ T1781] [c00000000dee6c70] [c0000000004a69ec] .release_pages+0x160/0x17c
> [ 71.752192][ T1781] BUG: Unable to handle kernel data access at 0xa2f612000042
> [ 71.756852][ T1781] Faulting instruction address: 0xc0000000004a6418
> [ 71.761078][ T1781] Oops: Kernel access of bad area, sig: 11 [#1]
> [ 71.765026][ T1781] BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 PowerMac
> [ 71.769033][ T1781] Modules linked in: firewire_ohci(+) firewire_core netconsole 8021q garp stp mrp llc nouveau drm_ttm_helper ttm gpu_sched drm_client_lib i2c_algo_bit drm_display_helper drm_kms_helper drm_gpuvm drm_exec drm drm_panel_orientation_quirks windfarm_smu_sat binfmt_misc b43 rng_core cordic bcma mac80211 libarc4 windfarm_cpufreq_clamp cfg80211 snd_aoa_codec_tas snd_aoa_fabric_layout windfarm_pm72 snd_aoa windfarm_pid rfkill windfarm_max6690_sensor windfarm_fcu_controls windfarm_ad7417_sensor windfarm_lm75_sensor windfarm_core snd_aoa_i2sbus snd_aoa_soundbus snd_pcm joydev mousedev snd_timer mac_hid ssb snd soundcore rack_meter mmc_core uninorth_agp agpgart
> [ 71.795478][ T1781] CPU: 1 UID: 0 PID: 1781 Comm: insmod Tainted: G W 7.0.0-rc1 #2 PREEMPT
> [ 71.800475][ T1781] Tainted: [W]=WARN
> [ 71.805735][ T1781] Hardware name: PowerMac7,2 PPC970 0x390202 PowerMac
> [ 71.811373][ T1781] NIP: c0000000004a6418 LR: c0000000004a69ec CTR: c0000000004a688c
> [ 71.817080][ T1781] REGS: c00000000dee6910 TRAP: 0380 Tainted: G W (7.0.0-rc1)
> [ 71.822893][ T1781] MSR: 900000000200b032 <SF,HV,VEC,EE,FP,ME,IR,DR,RI> CR: 44008842 XER: 20000000
> [ 71.828920][ T1781] IRQMASK: 0
> [ 71.828920][ T1781] GPR00: c0000000004a69ec c00000000dee6bb0 c000000001b7f100 c00000000dee6d68
> [ 71.828920][ T1781] GPR04: c00000000dee6cec c00000000dee6e70 c000000007295238 0000000000000007
> [ 71.828920][ T1781] GPR08: 0000000000000000 0000000000000001 0000a2f612000042 c0003d00010f7508
> [ 71.828920][ T1781] GPR12: 0000000044008842 c00000000ffff700 0000000000000000 0000000000000000
> [ 71.828920][ T1781] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000080000000
> [ 71.828920][ T1781] GPR20: 0000000000000001 0000000000000000 0000000000000000 c0000000038b1bb0
> [ 71.828920][ T1781] GPR24: 0000000000000000 c0003d000126a348 c00000000dee6cec 0000000000000000
> [ 71.828920][ T1781] GPR28: c00000000dee6d68 ffffffff815f0997 0000000000000006 0000a2f61200000e
> [ 71.876903][ T1781] NIP [c0000000004a6418] .folios_put_refs+0x8c/0x248
> [ 71.881518][ T1781] LR [c0000000004a69ec] .release_pages+0x160/0x17c
> [ 71.886162][ T1781] Call Trace:
> [ 71.890705][ T1781] [c00000000dee6bb0] [c0000001ff9b2808] 0xc0000001ff9b2808 (unreliable)
> [ 71.895389][ T1781] [c00000000dee6c70] [c0000000004a69ec] .release_pages+0x160/0x17c
> [ 71.900095][ T1781] [c00000000dee6e90] [c0003d00010f20d0] .ar_context_init+0x368/0x38c [firewire_ohci]
> [ 71.904914][ T1781] [c00000000dee6fe0] [c0003d00010f5378] .pci_probe+0x25c/0x8c0 [firewire_ohci]
> [ 71.909699][ T1781] [c00000000dee70b0] [c000000000c6ad64] .pci_device_probe+0x108/0x26c
> [ 71.914467][ T1781] [c00000000dee7140] [c000000000d5ecc8] .really_probe+0x110/0x564
> [ 71.919165][ T1781] [c00000000dee71e0] [c000000000d5f1c8] .__driver_probe_device+0xac/0x1ec
> [ 71.923876][ T1781] [c00000000dee7270] [c000000000d5f468] .driver_probe_device+0x5c/0x120
> [ 71.928536][ T1781] [c00000000dee7300] [c000000000d5f928] .__driver_attach+0x1e8/0x384
> [ 71.933089][ T1781] [c00000000dee7390] [c000000000d5b3c8] .bus_for_each_dev+0xac/0x12c
> [ 71.937524][ T1781] [c00000000dee7440] [c000000000d5e274] .driver_attach+0x34/0x4c
> [ 71.941789][ T1781] [c00000000dee74c0] [c000000000d5d5b8] .bus_add_driver+0x2a0/0x334
> [ 71.945940][ T1781] [c00000000dee7560] [c000000000d60d8c] .driver_register+0x84/0x1b8
> [ 71.949921][ T1781] [c00000000dee75e0] [c000000000c698e4] .__pci_register_driver+0x8c/0xac
> [ 71.953800][ T1781] [c00000000dee7670] [c0003d00010f6ea4] .fw_ohci_init+0x30/0x44 [firewire_ohci]
> [ 71.957583][ T1781] [c00000000dee76e0] [c00000000000ef58] .do_one_initcall+0x8c/0x5d4
> [ 71.961314][ T1781] [c00000000dee77e0] [c00000000021aae4] .do_init_module+0x70/0x33c
> [ 71.965033][ T1781] [c00000000dee7870] [c00000000021de5c] .init_module_from_file+0x110/0x134
> [ 71.968674][ T1781] [c00000000dee79a0] [c00000000021e0ec] .idempotent_init_module+0x26c/0x34c
> [ 71.972301][ T1781] [c00000000dee7af0] [c00000000021e270] .__se_sys_finit_module+0xa4/0x188
> [ 71.975866][ T1781] [c00000000dee7ba0] [c00000000002b73c] .system_call_exception+0x16c/0x280
> [ 71.979337][ T1781] [c00000000dee7e10] [c00000000000b754] system_call_common+0xf4/0x258
> [ 71.982732][ T1781] ---- interrupt: c00 at 0x3fff90945174
> [ 71.986164][ T1781] NIP: 00003fff90945174 LR: 0000000117b6d338 CTR: 0000000000000000
> [ 71.989622][ T1781] REGS: c00000000dee7e80 TRAP: 0c00 Tainted: G W (7.0.0-rc1)
> [ 71.993162][ T1781] MSR: 900000000200f032 <SF,HV,VEC,EE,PR,FP,ME,IR,DR,RI> CR: 20000202 XER: 00000000
> [ 71.996866][ T1781] IRQMASK: 0
> [ 71.996866][ T1781] GPR00: 0000000000000161 00003ffff63304b0 00003fff909f0e00 0000000000000003
> [ 71.996866][ T1781] GPR04: 0000000117b7a6f8 0000000000000000 0000000000000000 0000000000000000
> [ 71.996866][ T1781] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 71.996866][ T1781] GPR12: 0000000000000000 00003fff909f2d28 0000000000000000 0000000000000000
> [ 71.996866][ T1781] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000080000000
> [ 71.996866][ T1781] GPR20: 0000000000000001 0000000000000000 0000000000000000 00003ffff63317c4
> [ 71.996866][ T1781] GPR24: 00003ffff6330800 0000000117b7b788 00003fff907ee870 0000000117b7a6f8
> [ 71.996866][ T1781] GPR28: 0000000000000000 0000000000000000 00003fff907eef50 00003ffff63304b0
> [ 72.029204][ T1781] NIP [00003fff90945174] 0x3fff90945174
> [ 72.032647][ T1781] LR [0000000117b6d338] 0x117b6d338
> [ 72.036099][ T1781] ---- interrupt: c00
> [ 72.039484][ T1781] Code: 3bc00000 fba100a8 fbe100b8 3b600000 48000088 60000000 73ea0003 7bc91764 395f0034 7d3a4aaa 40820094 7c0004ac <7fa05028> 7fa9e810 7fa0512d 40c2fff4
> [ 72.046718][ T1781] ---[ end trace 0000000000000000 ]---
> [ 72.050575][ T1781]
> [ 73.044412][ T1781] Kernel panic - not syncing: Fatal exception
> [ 73.047957][ T1781] ---[ end Kernel panic - not syncing: Fatal exception ]---
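
The failure mode described in the patch's commit message, as an added user-space model (not kernel code and not part of the original thread). `model_alloc_bulk`, `is_pool_page`, `bad_slots_after_alloc`, the pool and the `stale` object are hypothetical names and constructed values; the only behaviour taken from the message is that populated entries are skipped.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NR_SLOTS 6   /* constructed; stands in for the pages[] length */
#define PAGE_SZ  64  /* constructed toy page size */

static unsigned char pool[NR_SLOTS][PAGE_SZ];  /* the only valid "pages" */
static unsigned char stale;  /* constructed target for leftover stack values */
static size_t pool_next;

/* Model of the contract in the commit message: populated slots are skipped
 * and counted as done; only NULL slots receive a fresh page. */
static size_t model_alloc_bulk(size_t nr, void **slots)
{
    size_t populated = 0;
    for (size_t i = 0; i < nr; i++, populated++) {
        if (slots[i])
            continue;                 /* caller's value is taken on trust */
        if (pool_next == NR_SLOTS)
            break;                    /* pool exhausted: partial fill */
        slots[i] = pool[pool_next++];
    }
    return populated;
}

/* Stand-in for the PFN validation in vmap(): is this one of our pages? */
static int is_pool_page(const void *p)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    return a >= base && a < base + sizeof(pool) && (a - base) % PAGE_SZ == 0;
}

/* Returns the number of slots failing validation; *reported is the
 * allocator's own count. zero_first models the "= { NULL }" initializer. */
static size_t bad_slots_after_alloc(int zero_first, size_t *reported)
{
    void *slots[NR_SLOTS] = { NULL };
    size_t bad = 0;
    slots[1] = slots[4] = &stale;     /* simulate an uninitialized array */
    if (zero_first)
        memset(slots, 0, sizeof(slots));
    pool_next = 0;
    *reported = model_alloc_bulk(NR_SLOTS, slots);
    for (size_t i = 0; i < NR_SLOTS; i++)
        bad += !is_pool_page(slots[i]);
    return bad;
}
```

In the unzeroed case the allocator still reports a full array, so a return-value check alone does not catch the stale entries; only the later validation does.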