Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp1251946ybk; Thu, 14 May 2020 04:31:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzE+l5tnT9rdOPrKHgvUASIDUCPA1N8NOCAEqTbkE7eb0V0MqdCxvhvbKvee8Wk1y6Akj8v X-Received: by 2002:a17:906:4a8c:: with SMTP id x12mr3099880eju.279.1589455908319; Thu, 14 May 2020 04:31:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589455908; cv=none; d=google.com; s=arc-20160816; b=UZaQNxFonFVmr4SNIAcReuEa231vmGy6C1+XVHf96R/D6KgcY0dEOYOJjwWD1U5jnT 0ajXAqoZKyGhdKtfD6mk/dl2LD5oKQKi+yxqvkO5miEOGPpBywLufEuxi5Ci5qM7vS2Y zYudy5HbuyKu9Pqcp0b7VyaE0MQBydGPIpPA+B5s8QrWuIVWCw5QAr66HIc4qaNL/V1G RN1aSZskMBg8ELY1l4tX9DBO1aoMagJCZhdLeUj5g3PVAM/8Xho2sYLkSNDL0v4YTJim h4mVHSCK00ogcLI3LRPClVtN4DD5OEy0wlq8vnPJI9TYdK7Irchvjr3ApMimSPurcDQk x+RA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=jRKR+BjjIWZrGT/XQesLSm1yZiucY/naM+DzbFoEJ4k=; b=OPYWofLK9Q3m7ER5jd2f1uzYWvheMrcqrE8eeO16CgZgu1Rmq2MZe0HqfuIFtRNaMU l32pTJvubQOWD3Pmt+ekVAQqZ+xGsU7t9NjLcCmlrd/9/UZqzamt9wr2CXBXfQMF6K6V SHZE0KCbRKWwG0gmnIzmtQvN49GI8x+OhhIYCto9IzBuBUo93wSmAem4PR5MbS/kx/df k1MQ4UHngQ91UXfAHqyyWejmEFckatv3+Ah+wZhljIxt5Ga9MHId4XJD0vYVIWK+T0U4 j1vdaJrQs/X7/+rqxWnHa6qRUKV1y4GiMMI3FMEP0MQihIMTZYAq3P/R4tTuFw/RG1kH Y5Cw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jlxWWmco; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i10si1684851ejx.250.2020.05.14.04.31.25; Thu, 14 May 2020 04:31:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jlxWWmco; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726316AbgENL13 (ORCPT + 99 others); Thu, 14 May 2020 07:27:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:51250 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726051AbgENL1Z (ORCPT ); Thu, 14 May 2020 07:27:25 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F16FC206A5; Thu, 14 May 2020 11:27:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589455644; bh=lb1wILpxMnk2dDKyaT9/I0hBKKuiQ8NqaXhAMd1Q6S8=; h=From:To:Cc:Subject:Date:From; b=jlxWWmcoplhtpNO8NT/phR6Z+E6qgXXqonoospaP5cvfpEK5qHLTzJ0ge5FzXeGsM LIPRtO2WwqLM0xwU4zTjDKGWK/7JSHGzvgTxSMePIr5XdUw1c7AkxVxUSP1h3CUEuZ vA9wGo5cvKaK8kBTNEznr/v3ilTRmRXcXbtiBK64= From: Greg Kroah-Hartman To: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , Christoph Hellwig , Hillf Danton , Thomas Gleixner , Jeremy Linton , syzbot+353be47c9ce21b68b7ed@syzkaller.appspotmail.com, stable Subject: [PATCH] USB: usbfs: fix mmap dma mismatch Date: Thu, 14 May 2020 13:27:11 +0200 Message-Id: <20200514112711.1858252-1-gregkh@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In commit 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute mismatch") we switched from always calling remap_pfn_range() to call dma_mmap_coherent() to handle issues with systems with non-coherent USB host controller drivers. Unfortunatly, as syzbot quickly told us, not all the world is host controllers with DMA support, so we need to check what host controller we are attempting to talk to before doing this type of allocation. Thanks to Christoph for the quick idea of how to fix this. Cc: Christoph Hellwig Cc: Hillf Danton Cc: Thomas Gleixner Cc: Jeremy Linton Reported-by: syzbot+353be47c9ce21b68b7ed@syzkaller.appspotmail.com Fixes: 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute mismatch") Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/devio.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index b9db9812d6c5..d93d94d7ff50 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -251,9 +251,19 @@ static int usbdev_mmap(struct file *file, struct vm_area_struct *vma) usbm->vma_use_count = 1; INIT_LIST_HEAD(&usbm->memlist); - if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle, size)) { - dec_usb_memory_use_count(usbm, &usbm->vma_use_count); - return -EAGAIN; + if (hcd->localmem_pool || !hcd_uses_dma(hcd)) { + if (remap_pfn_range(vma, vma->vm_start, + virt_to_phys(usbm->mem) >> PAGE_SHIFT, + size, vma->vm_page_prot) < 0) { + dec_usb_memory_use_count(usbm, &usbm->vma_use_count); + return -EAGAIN; + } + } else { + if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle, + size)) { + dec_usb_memory_use_count(usbm, &usbm->vma_use_count); + return -EAGAIN; + } } vma->vm_flags |= VM_IO; -- 2.26.2