From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gregkh@linuxfoundation.org>
Return-Path: <gregkh@linuxfoundation.org>
Subject: Patch "virtio: force vring descriptors to be allocated from lowmem" has been added to the 3.7-stable tree
To: will.deacon@arm.com,gregkh@linuxfoundation.org,levinsasha928@gmail.com,rusty@rustcorp.com.au
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Tue, 08 Jan 2013 10:27:09 -0800
Message-ID: <13576696291097@kroah.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ASCII
Content-Transfer-Encoding: 8bit
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    virtio: force vring descriptors to be allocated from lowmem

to the 3.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     virtio-force-vring-descriptors-to-be-allocated-from-lowmem.patch
and it can be found in the queue-3.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From b92b1b89a33c172c075edccf6afb0edc41d851fd Mon Sep 17 00:00:00 2001
From: Will Deacon <will.deacon@arm.com>
Date: Fri, 19 Oct 2012 14:03:33 +0100
Subject: virtio: force vring descriptors to be allocated from lowmem

From: Will Deacon <will.deacon@arm.com>

commit b92b1b89a33c172c075edccf6afb0edc41d851fd upstream.

Virtio devices may attempt to add descriptors to a virtqueue from atomic
context using GFP_ATOMIC allocation. This is problematic because such
allocations can fall outside of the lowmem mapping, causing virt_to_phys
to report bogus physical addresses which are subsequently passed to
userspace via the buffers for the virtual device.

This patch masks out __GFP_HIGH and __GFP_HIGHMEM from the requested
flags when allocating descriptors for a virtqueue. If an atomic
allocation is requested and later fails, we will return -ENOSPC which
will be handled by the driver.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Cc: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/virtio/virtio_ring.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -135,6 +135,13 @@ static int vring_add_indirect(struct vri
 	unsigned head;
 	int i;
 
+	/*
+	 * We require lowmem mappings for the descriptors because
+	 * otherwise virt_to_phys will give us bogus addresses in the
+	 * virtqueue.
+	 */
+	gfp &= ~(__GFP_HIGHMEM | __GFP_HIGH);
+
 	desc = kmalloc((out + in) * sizeof(struct vring_desc), gfp);
 	if (!desc)
 		return -ENOMEM;


Patches currently in stable-queue which might be from will.deacon@arm.com are

queue-3.7/mm-highmem-export-kmap_to_page-for-modules.patch
queue-3.7/arm64-signal-push-the-unwinding-prologue-on-the-signal-stack.patch
queue-3.7/virtio-9p-correctly-pass-physical-address-to-userspace-for-high-pages.patch
queue-3.7/virtio-force-vring-descriptors-to-be-allocated-from-lowmem.patch