git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Mon, 19 Jan 2026 20:15:12 +0000 (21:15 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 30 Jan 2026 09:32:26 +0000 (10:32 +0100)
commit	03faa61eb4b9ca9aa09bd91d4c3773d8e7b1ac98
tree	0215093d753782fc7e114c0c5bdb9b88a05004a5	tree \| snapshot
parent	cdb3f95a94f9f5cad054260de551942942e8a8f7	commit \| diff

irqchip/gic-v3-its: Avoid truncating memory addresses

commit 8d76a7d89c12d08382b66e2f21f20d0627d14859 upstream.

On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem
allocations to be backed by addresses physical memory above the 32-bit
address limit, as found while experimenting with larger VMSPLIT
configurations.

This caused the qemu virt model to crash in the GICv3 driver, which
allocates the 'itt' object using GFP_KERNEL. Since all memory below
the 4GB physical address limit is in ZONE_DMA in this configuration,
kmalloc() defaults to higher addresses for ZONE_NORMAL, and the
ITS driver stores the physical address in a 32-bit 'unsigned long'
variable.

Change the itt_addr variable to the correct phys_addr_t type instead,
along with all other variables in this driver that hold a physical
address.

The gicv5 driver correctly uses u64 variables, while all other irqchip
drivers don't call virt_to_phys or similar interfaces. It's expected that
other device drivers have similar issues, but fixing this one is
sufficient for booting a virtio based guest.

Fixes: cc2d3216f53c ("irqchip: GICv3: ITS command queue")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20260119201603.2713066-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>