[PATCH] iommu/arm-smmu: pass smmu->dev to report_iommu_fault
Will Deacon
will at kernel.org
Tue Jun 2 03:25:11 PDT 2026

On Mon, May 18, 2026 at 06:00:14PM +0100, Robin Murphy wrote:
> On 17/05/2026 1:50 am, Shyam Saini wrote:
> > report_iommu_fault() passes the dev argument to trace_io_page_fault(),
> > which dereferences it via dev_name() and dev_driver_string(). Passing
> > NULL causes a kernel crash when the io_page_fault tracepoint is
> > enabled.
> >
> > In arm-smmu.c, 'commit f8f934c180f6 ("iommu/arm-smmu: Add support for driver IOMMU fault handlers")'
> > replaced a dev_err_ratelimited() call that correctly used smmu->dev with
>
> I'm not sure it was really correct - it's pretty clear that "dev" is
> intended to be the client device that _caused_ the fault, since why would it
> make any sense to pass the IOMMU device to some other driver/subsystem's
> fault handler? (Yes, other IOMMU drivers already do that; I would consider
> them just as wrong too).
>
> IMO it would seem more robust to just fix the tracepoint to handle a NULL
> "dev" in the case that one can't (easily) be identified.

Yeah, I agree. Passing the SMMU device just because it's the only thing
we have is just a bodge around the NULL dereference. We'd be better off
hacking include/trace/events/iommu.h to print placeholder "(NULL)"
entries when the device pointer is NULL.

Will
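
The approach discussed in this thread, as an added userspace sketch that is not part of the original messages and is not kernel code: the record step substitutes "(NULL)" placeholders when no client device is known, so the dereferencing helpers are never reached. The struct layouts, `model_dev_name()`, `model_dev_driver_string()` and `record_io_page_fault()` are hypothetical stand-ins.

```c
/* Userspace model (constructed): simplified stand-ins, not the kernel's
 * struct device, dev_name() or dev_driver_string(). */
#include <stdio.h>
#include <string.h>

struct device_driver { const char *name; };
struct device { const char *init_name; struct device_driver *driver; };

/* Both helpers dereference dev, as the thread says the real ones do. */
static const char *model_dev_name(const struct device *dev)
{
	return dev->init_name;
}

static const char *model_dev_driver_string(const struct device *dev)
{
	return dev->driver ? dev->driver->name : "";
}

struct fault_record {
	char device[32];
	char driver[32];
	unsigned long iova;
	int flags;
};

/* Record step with the guard: a NULL dev yields "(NULL)" placeholders
 * instead of a call into the dereferencing helpers. */
static void record_io_page_fault(struct fault_record *rec,
				 const struct device *dev,
				 unsigned long iova, int flags)
{
	const char *name = dev ? model_dev_name(dev) : "(NULL)";
	const char *drv = dev ? model_dev_driver_string(dev) : "(NULL)";

	snprintf(rec->device, sizeof(rec->device), "%s", name);
	snprintf(rec->driver, sizeof(rec->driver), "%s", drv);
	rec->iova = iova;
	rec->flags = flags;
}

int main(void)
{
	struct fault_record rec;

	/* Constructed fault with no identifiable client device. */
	record_io_page_fault(&rec, NULL, 0x2000, 0);
	printf("device=%s driver=%s iova=0x%lx\n", rec.device, rec.driver, rec.iova);
	return 0;
}
```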