Date: Tue, 25 Apr 2017 19:25:49 +0100
From: Catalin Marinas
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, a.hajda@samsung.com, geert@linux-m68k.org, Laura Abbott, robin.murphy@arm.com, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] drivers: dma-mapping: Do not leave an invalid area->pages pointer in dma_common_contiguous_remap()
Message-ID: <20170425182549.GA18677@e104818-lin.cambridge.arm.com>
References: <1493144543-2497-1-git-send-email-catalin.marinas@arm.com>
In-Reply-To: <1493144543-2497-1-git-send-email-catalin.marinas@arm.com>

On Tue, Apr 25, 2017 at 07:22:23PM +0100, Catalin Marinas wrote:
> The dma_common_pages_remap() function allocates a vm_struct object and
> initialises the pages pointer to value passed as argument. However, when
> this function is called dma_common_contiguous_remap(), the pages array
> is only temporarily allocated, being freed shortly after
> dma_common_contiguous_remap() returns. Architecture code checking the
> validity of an area->pages pointer would incorrectly dereference already
> freed pointers. This has been exposed by the arm64 commit 44176bb38fa4
> ("arm64: Add support for DMA_ATTR_FORCE_CONTIGUOUS to IOMMU").
>
> Fixes: 513510ddba96 ("common: dma-mapping: introduce common remapping functions")
> Cc: Laura Abbott
> Cc: Greg Kroah-Hartman
> Reported-by: Andrzej Hajda
> Signed-off-by: Catalin Marinas

Small correction on the subject, the prefix should be something like:

  drivers: dma-mapping:

It's not an arm64 patch.

-- 
Catalin
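
The stale-pointer pattern described in the quoted commit message, as an added userspace model that is not part of this e-mail, the patch, or the kernel source. The struct, the function bodies and the clear_stale switch are hypothetical stand-ins; only the two function names in the comments come from the message, and resetting the pointer is one assumed way to avoid leaving it invalid.

```c
/* Userspace model (constructed); names and bodies are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct page { unsigned long pfn; };

/* Stand-in for the vm_struct area: it outlives the remap call. */
struct vm_area_model {
    struct page **pages;    /* must be NULL or point at live memory */
    size_t nr_pages;
};

/* Models dma_common_pages_remap(): records the caller's array in the area. */
static void pages_remap(struct vm_area_model *area, struct page **pages, size_t n)
{
    area->pages = pages;
    area->nr_pages = n;
}

/* Models dma_common_contiguous_remap(): temporary array, remap, free.
 * clear_stale == 0 keeps the dangling pointer (the reported bug). */
static void contiguous_remap(struct vm_area_model *area, struct page *first,
                             size_t n, int clear_stale)
{
    struct page **tmp = malloc(n * sizeof(*tmp));
    if (!tmp)
        return;                 /* area is left untouched */
    for (size_t i = 0; i < n; i++)
        tmp[i] = first + i;
    pages_remap(area, tmp, n);
    if (clear_stale)
        area->pages = NULL;     /* nothing may point at tmp after free */
    free(tmp);
}

/* The validity check a later caller relies on: non-NULL reads as "walkable". */
static int area_claims_pages(const struct vm_area_model *area)
{
    return area->pages != NULL;
}

int main(void)
{
    struct page frames[4] = {{0}};
    struct vm_area_model buggy = {0}, fixed = {0};
    contiguous_remap(&buggy, frames, 4, 0);
    contiguous_remap(&fixed, frames, 4, 1);
    printf("buggy: %d fixed: %d\n", area_claims_pages(&buggy), area_claims_pages(&fixed));
    return 0;
}
```

The model only compares the pointer against NULL and never dereferences it; in the buggy case that check passes even though the array is already freed, which is the condition the commit message warns about.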