Re: [PATCH 6.6.y] dmaengine: idxd: Fix leaking event log memory

Next message: Sasha Levin: "Re: [PATCH stable 5.15] um: virt-pci: Fix build failure"
Previous message: Praveen Talari: "Re: [PATCH v1 1/2] spi: qcom-geni: trace: Add trace events for Qualcomm GENI SPI"
Next in thread: Wenshan Lan: "Re: [PATCH 6.6.y] dmaengine: idxd: Fix leaking event log memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sasha Levin

Date: Fri May 08 2026 - 22:08:54 EST

On Thu, May 07, 2026 at 12:04:15PM +0800, Wenshan Lan wrote:
> From: Vinicius Costa Gomes <vinicius.gomes@xxxxxxxxx>
>
> [ Upstream commit ee66bc29578391c9b48523dc9119af67bd5c7c0f ]
>
> - gencfg.bits = ioread32(idxd->reg_base + IDXD_GENCFG_OFFSET);
> - if (!gencfg.evl_en)
> - return;
> -
> mutex_lock(&evl->lock);

This drops the only thing that protects no-evl-capable hardware
(idxd->evl == NULL) from dereferencing evl in idxd_device_evl_free().
On 6.6, idxd_init_evl() returns 0 without allocating evl when
hw.gen_cap.evl_support == 0, and idxd_device_evl_free() is still
reachable in that path, so taking ee66bc29 alone will introduce a
NULL deref on hardware without event-log support.

The required prerequisite is upstream commit 52d2edea0d63c
("dmaengine: idxd: Fix crash when the event log is disabled"), which
adds the "if (!evl) return;" guard at the top of idxd_device_evl_free().
It landed as patch 2 of the same v3 series and is missing from 6.6.y.

Could you resend as a 2-patch series with 52d2edea0d63c as the
prerequisite? Then I'm happy to queue both for 6.6.y.

--
Thanks,
Sasha