Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp17929366ybl; Thu, 2 Jan 2020 15:01:44 -0800 (PST) X-Google-Smtp-Source: APXvYqw3cacfp0clfDihnZhY4fG9mt8LkI6YHBpm/8HYvl9dxo8PujTbFl7e4BxBeMXtTkwScEjG X-Received: by 2002:a9d:60c4:: with SMTP id b4mr72022106otk.166.1578006104701; Thu, 02 Jan 2020 15:01:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578006104; cv=none; d=google.com; s=arc-20160816; b=A/RkjpJLkRc6o5R5ftVD4bQBwNkruwS7RM+E2ePPc9cYBT9lbjY9Xzb0vc1H7IQskR lHrUZNxnblsFr4jsXzVS4UhMeyJn2866VT4nDwElVQ7OXoPDsz/XAmJMqAqtAotsiWB8 c2xbNCFvEXwR/83OMPYmJ6L3vJ/VmjuFv0UKzwDn58m07djURC0LeNyYxlDry7U1nuHK gPJ9fOkVxSFYGu0nKfjcO+L93J/5sUV0OZeUuRYWvc/Ool5v2Bg024Sl9NB3NCwU8eU+ DeEhEn2MKmX2ALJmV22er79llucQU1bueQKpPrDumpi5u/nMUOzA4rzp3FhKExLT80og JFSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XrBDjnyaCBUxOs1bbCbbsn08jmHtxevoIgxyjWq1XKI=; b=hXSjwcmhWmr0SyyhyV3JuwADQWlrJ5CmMTAUcAtpXsSyIqFEXzmm4jliwsVQgPhQ0Y h4aoKiMttIQIfcD5rM9zuWkSxKP34iulZq8/ZjL0+kAIcWZsYk7dmQfPR7CVvZzwjo/n FIUNYqMT7ZVtehZkY2SU/0GY0Y4p9h4xIScS7KPnU5sLA18qZ9Qu/pclU+EATPqj2NpM 2FEJ/Z0tZcUYpAYjz8+Kaq/oxJEnzee147wBPJg9b6MHx+/fKdoLszAt5a6T03v4S1HR qhTyp1RtAhn1djOtB1wzazAamtZcb1q4vNvT7FBFuFWQ1iq6Q2rmMFourfErmS//agef BrBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BZT+rDLK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l131si27719747oig.120.2020.01.02.15.01.32; Thu, 02 Jan 2020 15:01:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BZT+rDLK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728023AbgABXAU (ORCPT + 99 others); Thu, 2 Jan 2020 18:00:20 -0500 Received: from mail.kernel.org ([198.145.29.99]:52648 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727226AbgABWNF (ORCPT ); Thu, 2 Jan 2020 17:13:05 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1F6D721D7D; Thu, 2 Jan 2020 22:13:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578003184; bh=PBHb5ijfB+T3bwG+9x4hokUpoUPYGrSirFzfyZnrxJY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BZT+rDLKybt1uOAMNvSI0/2gZfPqfatkYhUewVfcTTnvR4zPtcYjLxGc1XjCkVQrE LMWryoQW80m6MBL/7spyXRCy/Wd3ItNVw/9TZ2qXfqiHJp8C8VkdchCHFQLsMaeRQ0 bnUYzTCRw6TBah1lM+J4eeazru/ZuhM8X64Luack= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nicolas Saenz Julienne , Christoph Hellwig , Sasha Levin Subject: [PATCH 5.4 054/191] dma-direct: check for overflows on 32 bit DMA addresses Date: Thu, 2 Jan 2020 23:05:36 +0100 Message-Id: <20200102215835.696014868@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200102215829.911231638@linuxfoundation.org> References: <20200102215829.911231638@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nicolas Saenz Julienne [ Upstream commit b12d66278dd627cbe1ea7c000aa4715aaf8830c8 ] As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc0000000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig Signed-off-by: Sasha Levin --- include/linux/dma-direct.h | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6a18a97b76a8 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,8 +3,11 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include +static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr); + #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA #include #else @@ -24,11 +27,16 @@ static inline phys_addr_t __dma_to_phys(struct device *dev, dma_addr_t dev_addr) static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) { + dma_addr_t end = addr + size - 1; + if (!dev->dma_mask) return false; - return addr + size - 1 <= - min_not_zero(*dev->dma_mask, dev->bus_dma_mask); + if (!IS_ENABLED(CONFIG_ARCH_DMA_ADDR_T_64BIT) && + min(addr, end) < phys_to_dma(dev, PFN_PHYS(min_low_pfn))) + return false; + + return end <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } #endif /* !CONFIG_ARCH_HAS_PHYS_TO_DMA */ -- 2.20.1