From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Shuah Khan <shuahkhan@gmail.com>,
Russell King <rmk+kernel@armlinux.org.uk>,
Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 3.18 26/38] ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
Date: Fri, 22 Dec 2017 09:46:39 +0100 [thread overview]
Message-ID: <20171222084453.231258792@linuxfoundation.org> (raw)
In-Reply-To: <20171222084451.623495387@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King <rmk+kernel@armlinux.org.uk>
[ Upstream commit 916a008b4b8ecc02fbd035cfb133773dba1ff3d7 ]
dma_get_sgtable() tries to create a scatterlist table containing valid
struct page pointers for the coherent memory allocation passed in to it.
However, memory can be declared via dma_declare_coherent_memory(), or
via other reservation schemes which means that coherent memory is not
guaranteed to be backed by struct pages. In such cases, the resulting
scatterlist table contains pointers to invalid pages, which causes
kernel oops later.
This patch adds detection of such memory, and refuses to create a
scatterlist table for such memory.
Reported-by: Shuah Khan <shuahkhan@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mm/dma-mapping.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -749,13 +749,31 @@ static void arm_coherent_dma_free(struct
__arm_dma_free(dev, size, cpu_addr, handle, attrs, true);
}
+/*
+ * The whole dma_get_sgtable() idea is fundamentally unsafe - it seems
+ * that the intention is to allow exporting memory allocated via the
+ * coherent DMA APIs through the dma_buf API, which only accepts a
+ * scattertable. This presents a couple of problems:
+ * 1. Not all memory allocated via the coherent DMA APIs is backed by
+ * a struct page
+ * 2. Passing coherent DMA memory into the streaming APIs is not allowed
+ * as we will try to flush the memory through a different alias to that
+ * actually being used (and the flushes are redundant.)
+ */
int arm_dma_get_sgtable(struct device *dev, struct sg_table *sgt,
void *cpu_addr, dma_addr_t handle, size_t size,
struct dma_attrs *attrs)
{
- struct page *page = pfn_to_page(dma_to_pfn(dev, handle));
+ unsigned long pfn = dma_to_pfn(dev, handle);
+ struct page *page;
int ret;
+ /* If the PFN is not valid, we do not have a struct page */
+ if (!pfn_valid(pfn))
+ return -ENXIO;
+
+ page = pfn_to_page(pfn);
+
ret = sg_alloc_table(sgt, 1, GFP_KERNEL);
if (unlikely(ret))
return ret;
next prev parent reply other threads:[~2017-12-22 8:46 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-22 8:46 [PATCH 3.18 00/38] 3.18.90-stable review Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 01/38] arm64: Initialise high_memory global variable earlier Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 02/38] ALSA: hda - add support for docking station for HP 820 G2 Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 03/38] cpuidle: Validate cpu_dev in cpuidle_add_sysfs() Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 04/38] r8152: fix the list rx_done may be used without initialization Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 05/38] crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 07/38] usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 08/38] usb: gadget: udc: remove pointer dereference after free Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 09/38] netfilter: nfnl_cthelper: fix runtime expectation policy updates Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 10/38] netfilter: nfnl_cthelper: Fix memory leak Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 11/38] scsi: lpfc: Fix PT2PT PRLI reject Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 14/38] hwmon: (asus_atk0110) fix uninitialized data access Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 15/38] i2c: mux: pca954x: Add missing pca9546 definition to chip_desc Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 16/38] HID: xinmo: fix for out of range for THT 2P arcade controller Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 17/38] s390/qeth: no ETH header for outbound AF_IUCV Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 18/38] net: Do not allow negative values for busy_read and busy_poll sysctl interfaces Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 19/38] i40e: Do not enable NAPI on q_vectors that have no rings Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 20/38] irda: vlsi_ir: fix check for DMA mapping errors Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 21/38] netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 22/38] netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 23/38] ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 24/38] isdn: kcapi: avoid uninitialized data Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 25/38] xhci: plat: Register shutdown for xhci_plat Greg Kroah-Hartman
2017-12-22 8:46 ` Greg Kroah-Hartman [this message]
2017-12-22 8:46 ` [PATCH 3.18 27/38] cpuidle: powernv: Pass correct drv->cpumask for registration Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 28/38] backlight: pwm_bl: Fix overflow condition Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 29/38] crypto: crypto4xx - increase context and scatter ring buffer elements Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 30/38] net: phy: at803x: Change error to EINVAL for invalid MAC Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 31/38] PCI: Avoid bus reset if bridge itself is broken Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 32/38] scsi: cxgb4i: fix Tx skb leak Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 33/38] PCI: Create SR-IOV virtfn/physfn links before attaching driver Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 34/38] igb: check memory allocation failure Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 35/38] PCI/AER: Report non-fatal errors only to the affected endpoint Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 36/38] scsi: lpfc: Fix secure firmware updates Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 37/38] scsi: lpfc: PLOGI failures during NPIV testing Greg Kroah-Hartman
2017-12-22 8:46 ` [PATCH 3.18 38/38] fm10k: ensure we process SM mbx when processing VF mbx Greg Kroah-Hartman
2017-12-22 17:53 ` [PATCH 3.18 00/38] 3.18.90-stable review Guenter Roeck
2017-12-23 9:18 ` Greg Kroah-Hartman
2017-12-22 21:12 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171222084453.231258792@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@verizon.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=shuahkhan@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).