Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4713454pxj; Tue, 22 Jun 2021 06:31:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5DOQTKprpqtI5TkXUQ0r1dtferLWQUrK3EIjNVDYA9ENnuEENS3eOPISse79Zx/wKEj4g X-Received: by 2002:a17:907:263d:: with SMTP id aq29mr4000484ejc.464.1624368660154; Tue, 22 Jun 2021 06:31:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624368660; cv=none; d=google.com; s=arc-20160816; b=JPTAECTRc6lui+eSghUf6LPsM5dmnkH8fKGOaRUTIF4TgeQ2XT8dv29RsEbX2/kS6C C9daDVfTsFvUfewVY6XefsdrnV2cgkWVo9Tyg6pp/dU2ELUzWVXx5Nwk/KK3Y5YMdLHy hWOdhpgl3Ccgf08ljWBKABTvitr8Tx4rjSE1Qffnov61NZrw9TIKP9yrmJKKzSjXbWvF tDDTgiWwzSgpwLllVeqDoYihEWJYt2hjRKjdMHTKazR1lV8tI2IweQWu3VjxpGcu2Pd/ OIhWS1ZcqGdmxKP4ryXUldSF9keb+wjOk0Y7raWhn4oJI4K/cnrp2fl+3xl8Btcc7TbS b7Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=K7bmbOQQmDNY9qLjoapde2Cm3XOAk5Ii+zMhY5gNed4=; b=f8WfKvLjR32p53M7QsTpnrzsyLM674+zX7cOxNX+zVAh8lhYR4lv9BVzugS514nUi/ kx+khxiSivuaOH5enQ2QYIIoIfPL2DAGqDM6r2vpLrLOohlGi/q2O8galKhFJjzRPcrH tsVKVlgESOnGLh846AvYMsAbaRD6nWtx9nf6eYPLfMowhtnjNqpPWawma6zcIKlzlc1j AyRK3/llznakTDTHUwY2R8OA3/Wp7TcGlflEbX2Bi5SoadO92fVxwwgsoheHiFiRHfLR EOtEYgXitt8blsmPi4612KDiiaa0m5nKx21hPiMC8gmltu5VC2kB13QI/s3b9FP0bnoN /+dQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id eb9si13360410ejc.250.2021.06.22.06.30.35; Tue, 22 Jun 2021 06:31:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230410AbhFVNbm (ORCPT + 99 others); Tue, 22 Jun 2021 09:31:42 -0400 Received: from netrider.rowland.org ([192.131.102.5]:38767 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S230039AbhFVNbi (ORCPT ); Tue, 22 Jun 2021 09:31:38 -0400 Received: (qmail 453302 invoked by uid 1000); 22 Jun 2021 09:29:22 -0400 Date: Tue, 22 Jun 2021 09:29:22 -0400 From: Alan Stern To: David Laight Cc: 'Mauro Carvalho Chehab' , "linux-usb@vger.kernel.org" , "linuxarm@huawei.com" , "mauro.chehab@huawei.com" , Laurent Pinchart , Mauro Carvalho Chehab , "linux-kernel@vger.kernel.org" , "linux-media@vger.kernel.org" , "stable@vger.kernel.org" Subject: Re: [PATCH v3] media: uvc: don't do DMA on stack Message-ID: <20210622132922.GB452785@rowland.harvard.edu> References: <6832dffafd54a6a95b287c4a1ef30250d6b9237a.1624282817.git.mchehab+huawei@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 22, 2021 at 08:07:12AM +0000, David Laight wrote: > From: Mauro Carvalho Chehab > > Sent: 21 June 2021 14:40 > > > > As warned by smatch: > > drivers/media/usb/uvc/uvc_v4l2.c:911 uvc_ioctl_g_input() error: doing dma on the stack (&i) > > drivers/media/usb/uvc/uvc_v4l2.c:943 uvc_ioctl_s_input() error: doing dma on the stack (&i) > > > > those two functions call uvc_query_ctrl passing a pointer to > > a data at the DMA stack. those are used to send URBs via > > usb_control_msg(). Using DMA stack is not supported and should > > not work anymore on modern Linux versions. > > > > So, use a kmalloc'ed buffer. > ... > > + buf = kmalloc(1, GFP_KERNEL); > > + if (!buf) > > + return -ENOMEM; > > + > > ret = uvc_query_ctrl(chain->dev, UVC_GET_CUR, chain->selector->id, > > chain->dev->intfnum, UVC_SU_INPUT_SELECT_CONTROL, > > - &i, 1); > > + buf, 1); > > Thought... > > Is kmalloc(1, GFP_KERNEL) guaranteed to return a pointer into > a cache line that will not be accessed by any other code? > (This is slightly weaker than requiring a cache-line aligned > pointer - but very similar.) As I understand it, on architectures that do not have cache-coherent I/O, kmalloc is guaranteed to return a buffer that is cacheline-aligned and whose length is a multiple of the cacheline size. Now, whether that buffer ends up being accessed by any other code depends on what your driver does with the pointer it gets from kmalloc. :-) Alan Stern > Without that guarantee you can't use the returned buffer for > read dma unless the memory accesses are coherent. > > David