git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Mon, 19 Jan 2026 20:15:12 +0000 (21:15 +0100)
committer	Thomas Gleixner <tglx@kernel.org>
	Tue, 20 Jan 2026 09:11:29 +0000 (10:11 +0100)
commit	8d76a7d89c12d08382b66e2f21f20d0627d14859
tree	eaf55ed271f42086795e1ffa6ef2bf4ad8caa5c1	tree \| snapshot
parent	cd4a3ced4d1cdb14ffe905657b98a91e9d239dfb	commit \| diff

irqchip/gic-v3-its: Avoid truncating memory addresses

On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem
allocations to be backed by addresses physical memory above the 32-bit
address limit, as found while experimenting with larger VMSPLIT
configurations.

This caused the qemu virt model to crash in the GICv3 driver, which
allocates the 'itt' object using GFP_KERNEL. Since all memory below
the 4GB physical address limit is in ZONE_DMA in this configuration,
kmalloc() defaults to higher addresses for ZONE_NORMAL, and the
ITS driver stores the physical address in a 32-bit 'unsigned long'
variable.

Change the itt_addr variable to the correct phys_addr_t type instead,
along with all other variables in this driver that hold a physical
address.

The gicv5 driver correctly uses u64 variables, while all other irqchip
drivers don't call virt_to_phys or similar interfaces. It's expected that
other device drivers have similar issues, but fixing this one is
sufficient for booting a virtio based guest.

Fixes: cc2d3216f53c ("irqchip: GICv3: ITS command queue")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20260119201603.2713066-1-arnd@kernel.org