From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
James Bottomley <JBottomley@Parallels.com>,
Subhash Jadavani <subhashj@codeaurora.org>,
Russell King <rmk+kernel@arm.linux.org.uk>
Subject: [ 05/33] ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with sparsemem
Date: Fri, 1 Feb 2013 11:49:10 +0100 [thread overview]
Message-ID: <20130201104725.002076791@linuxfoundation.org> (raw)
In-Reply-To: <20130201104724.605715763@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@arm.linux.org.uk>
commit 15653371c67c3fbe359ae37b720639dd4c7b42c5 upstream.
Subhash Jadavani reported this partial backtrace:
Now consider this call stack from MMC block driver (this is on the ARMv7
based board):
[<c001b50c>] (v7_dma_inv_range+0x30/0x48) from [<c0017b8c>] (dma_cache_maint_page+0x1c4/0x24c)
[<c0017b8c>] (dma_cache_maint_page+0x1c4/0x24c) from [<c0017c28>] (___dma_page_cpu_to_dev+0x14/0x1c)
[<c0017c28>] (___dma_page_cpu_to_dev+0x14/0x1c) from [<c0017ff8>] (dma_map_sg+0x3c/0x114)
This is caused by incrementing the struct page pointer, and running off
the end of the sparsemem page array. Fix this by incrementing by pfn
instead, and convert the pfn to a struct page.
Suggested-by: James Bottomley <JBottomley@Parallels.com>
Tested-by: Subhash Jadavani <subhashj@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mm/dma-mapping.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -503,25 +503,27 @@ static void dma_cache_maint_page(struct
size_t size, enum dma_data_direction dir,
void (*op)(const void *, size_t, int))
{
+ unsigned long pfn;
+ size_t left = size;
+
+ pfn = page_to_pfn(page) + offset / PAGE_SIZE;
+ offset %= PAGE_SIZE;
+
/*
* A single sg entry may refer to multiple physically contiguous
* pages. But we still need to process highmem pages individually.
* If highmem is not configured then the bulk of this loop gets
* optimized out.
*/
- size_t left = size;
do {
size_t len = left;
void *vaddr;
+ page = pfn_to_page(pfn);
+
if (PageHighMem(page)) {
- if (len + offset > PAGE_SIZE) {
- if (offset >= PAGE_SIZE) {
- page += offset / PAGE_SIZE;
- offset %= PAGE_SIZE;
- }
+ if (len + offset > PAGE_SIZE)
len = PAGE_SIZE - offset;
- }
vaddr = kmap_high_get(page);
if (vaddr) {
vaddr += offset;
@@ -538,7 +540,7 @@ static void dma_cache_maint_page(struct
op(vaddr, len, dir);
}
offset = 0;
- page++;
+ pfn++;
left -= len;
} while (left);
}
next prev parent reply other threads:[~2013-02-01 10:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-01 10:49 [ 00/33] 3.4.29-stable review Greg Kroah-Hartman
2013-02-01 10:49 ` [ 01/33] can: c_can: fix invalid error codes Greg Kroah-Hartman
2013-02-01 10:49 ` [ 02/33] can: ti_hecc: " Greg Kroah-Hartman
2013-02-01 10:49 ` [ 03/33] can: pch_can: " Greg Kroah-Hartman
2013-02-01 10:49 ` [ 04/33] fs/cifs/cifs_dfs_ref.c: fix potential memory leakage Greg Kroah-Hartman
2013-02-01 10:49 ` Greg Kroah-Hartman [this message]
2013-02-01 10:49 ` [ 06/33] ARM: at91: rm9200: remake the BGA as default version Greg Kroah-Hartman
2013-02-01 10:49 ` [ 07/33] ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone Greg Kroah-Hartman
2013-02-01 10:49 ` [ 08/33] Bluetooth: Fix sending HCI commands after reset Greg Kroah-Hartman
2013-02-01 10:49 ` [ 09/33] drm/radeon: fix cursor corruption on DCE6 and newer Greg Kroah-Hartman
2013-02-01 10:49 ` [ 10/33] radeon_display: Use pointer return error codes Greg Kroah-Hartman
2013-02-01 10:49 ` [ 11/33] IOMMU, AMD Family15h Model10-1Fh erratum 746 Workaround Greg Kroah-Hartman
2013-02-01 10:49 ` [ 12/33] xfs: Fix possible use-after-free with AIO Greg Kroah-Hartman
2013-02-01 10:49 ` [ 13/33] mwifiex: fix typo in PCIe adapter NULL check Greg Kroah-Hartman
2013-02-01 10:49 ` [ 14/33] iwlegacy: fix IBSS cleanup Greg Kroah-Hartman
2013-02-03 0:20 ` Ben Hutchings
2013-02-04 10:18 ` Stanislaw Gruszka
2013-02-01 10:49 ` [ 15/33] brcmsmac: increase timer reference count for new timers only Greg Kroah-Hartman
2013-02-01 10:49 ` [ 16/33] mac80211: fix FT roaming Greg Kroah-Hartman
2013-02-01 10:49 ` [ 17/33] ath9k_htc: Fix memory leak Greg Kroah-Hartman
2013-02-01 10:49 ` [ 18/33] ath9k: do not link receive buffers during flush Greg Kroah-Hartman
2013-02-01 10:49 ` [ 19/33] ath9k: fix double-free bug on beacon generate failure Greg Kroah-Hartman
2013-02-01 10:49 ` [ 20/33] ALSA: usb-audio: fix invalid length check for RME and other UAC 2 devices Greg Kroah-Hartman
2013-02-01 10:49 ` [ 21/33] ALSA: hda - Add a fixup for Packard-Bell desktop with ALC880 Greg Kroah-Hartman
2013-02-01 10:49 ` [ 22/33] EDAC: Test correct variable in ->store function Greg Kroah-Hartman
2013-02-01 10:49 ` [ 23/33] ASoC: wm2200: correct mixer values and text Greg Kroah-Hartman
2013-02-01 10:49 ` [ 24/33] Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() Greg Kroah-Hartman
2013-02-01 10:49 ` [ 25/33] iommu/intel: disable DMAR for g4x integrated gfx Greg Kroah-Hartman
2013-02-01 10:49 ` [ 26/33] mac80211: synchronize scan off/on-channel and PS states Greg Kroah-Hartman
2013-02-01 10:49 ` [ 27/33] NFS: Dont silently fail setattr() requests on mountpoints Greg Kroah-Hartman
2013-02-01 10:49 ` [ 28/33] smp: Fix SMP function call empty cpu mask race Greg Kroah-Hartman
2013-02-01 10:49 ` [ 29/33] x86/msr: Add capabilities check Greg Kroah-Hartman
2013-02-01 10:49 ` [ 30/33] efi, x86: Pass a proper identity mapping in efi_call_phys_prelog Greg Kroah-Hartman
2013-02-01 10:49 ` [ 31/33] x86, efi: Set runtime_version to the EFI spec revision Greg Kroah-Hartman
2013-02-01 10:49 ` [ 32/33] x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI Greg Kroah-Hartman
2013-02-01 10:49 ` [ 33/33] target: fix regression with dev_link_magic in target_fabric_port_link Greg Kroah-Hartman
2013-02-01 23:25 ` [ 00/33] 3.4.29-stable review Shuah Khan
2013-02-02 21:49 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130201104725.002076791@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=JBottomley@Parallels.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@arm.linux.org.uk \
--cc=stable@vger.kernel.org \
--cc=subhashj@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).