Commit 3b5220a0 authored Oct 24, 2025 by Daniel Mentz Committed by Isaac Manjarres Oct 27, 2025

ANDROID: iommu/arm-smmu-v3: Handle NULL gather in arm_smmu_tlb_inv_page_nosync



Commit be9ba86c ("ANDROID: iommu/io-pgtable: Always call
io_pgtable_tlb_add_page even if gather is NULL") modified the core
io-pgtable logic to always call the .tlb_add_page callback, even when
the iotlb_gather object is NULL.

The Arm SMMUv3 implementation of this callback,
arm_smmu_tlb_inv_page_nosync(), did not anticipate this change. It
passes the 'gather' pointer directly to iommu_iotlb_gather_add_page(),
which will dereference it, leading to a NULL pointer dereference when
'gather' is NULL.

Fix this by adding a check to ensure 'gather' is not NULL before calling
iommu_iotlb_gather_add_page().

Bug: 450108340
Fixes: be9ba86c ("ANDROID: iommu/io-pgtable: Always call io_pgtable_tlb_add_page even if gather is NULL")
Change-Id: I8143cf71939c470b812c94307f956b8c6b6e4996
Signed-off-by: Daniel Mentz <danielmentz@google.com>

parent cd52fcbd

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit bdc81b76
· Nov 05, 2025

mentioned in commit bdc81b76

mentioned in commit bdc81b76cc3e91b2a805bff546c72244ef2504fd

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 6b6ffe2c
· Nov 05, 2025

mentioned in commit 6b6ffe2c

mentioned in commit 6b6ffe2c091924ce45dff6afb5304312a64ed6f0

Toggle commit list

Please to comment