Re: [PATCH 6/8] iommu/qcom: Add NULL ctx check in TLB invalidation paths
From: Konrad Dybcio
Date: Tue Jun 23 2026 - 12:47:24 EST
On 6/23/26 2:20 PM, Mukesh Ojha wrote:
> to_ctx() returns qcom_iommu->ctxs[asid], which can be NULL if the
> corresponding context bank failed to probe or was already removed.
> qcom_iommu_tlb_sync(), qcom_iommu_tlb_inv_context(), and
> qcom_iommu_tlb_inv_range_nosync() all dereference the returned pointer
> directly, risking a NULL pointer dereference.
>
> Add WARN_ON(!ctx) guards with continue so TLB operations skip
> broken context banks without crashing.
>
> Signed-off-by: Mukesh Ojha <mukesh.ojha@xxxxxxxxxxxxxxxx>
> ---
> drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/drivers/iommu/arm/arm-smmu/qcom_iommu.c b/drivers/iommu/arm/arm-smmu/qcom_iommu.c
> index 40fb0408dc07..51b60b296bb8 100644
> --- a/drivers/iommu/arm/arm-smmu/qcom_iommu.c
> +++ b/drivers/iommu/arm/arm-smmu/qcom_iommu.c
> @@ -121,6 +121,9 @@ static void qcom_iommu_tlb_sync(void *cookie)
> struct qcom_iommu_ctx *ctx = to_ctx(qcom_domain, fwspec->ids[i]);
> unsigned int val, ret;
>
> + if (WARN_ON(!ctx))
> + continue;
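Review bot: WARN_ON() on this path fires every time qcom_iommu_tlb_sync() is entered for a domain whose fwspec references a NULL context bank, so one broken bank will emit a full stack trace on each map/unmap rather than once; WARN_ON_ONCE() (or a rate-limited dev_warn()) would keep the diagnostic without flooding the log. The `continue` also silently skips the sync for that bank, which is only safe when the bank never held mappings (the failed-probe case the commit message mentions); for the "already removed" case it is worth stating in the commit message that any TLB entries the bank still held are left unsynced.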
I'm rather unamused that we have to deal with this in the first
place... I don't know if this can be easily reworked to be more
predictable, but this works in the interim.
Reviewed-by: Konrad Dybcio <konrad.dybcio@xxxxxxxxxxxxxxxx>
Konrad