Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp269663pxv;
        Wed, 30 Jun 2021 05:22:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy0K9UP1hgH+p0TMHT+PF/VBjlDGyEp1tscVwVUf9aJZUJO+PZS6UwYRBg3JmuPDKcAVeCH
X-Received: by 2002:a17:907:d86:: with SMTP id go6mr4732602ejc.35.1625055748416;
        Wed, 30 Jun 2021 05:22:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1625055748; cv=none;
        d=google.com; s=arc-20160816;
        b=pE/AhhBzUEnLMeUONq9pmV2pn/0ghtV/NTfJwtr55ao2aapF0XZhmmRvn9XPKJOfOT
         sxIfVWbxGNvpDHXY+1ZoPKZzStJPa3rOm9hPfNfberh8u+ShAUmGrAJs13tdh+6hGb80
         cP5EQxR7gTN3DmRwfBc6TUgvPHxsOrQeapCTCtcRYGOn7kV4tIueSV0imW/efINxhrse
         ZWTxrae+JjRJ/5TraM1Zg/0CbSMfb1ss2g4337RS3iR0QBo7L1RsKDHUAToxgRhoQ+XR
         ipP/GjetfaIKXAYgmEPqe/oIBw+uXdwpUr0zNkRKtCwaH83qoItDU/bCnHajibaqYN0Z
         DdJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=TR4vjEL/DUobHPQ667oxC9mowuXCyLU1eHe26tpi3rw=;
        b=YIL9ceEJXNWK/iApKQu7KIaP4Vni2CDszkEkn0uRfK0seH0baFoHd+UuokPklaflqb
         0QNkSNricnMqe3tk24S+bnK1c2ApQw9zDAXfBU++lOM9Gu5qzq1x32ICgsh4PA4gD+oS
         Vj09FI0Atka45vWyAqizKKYQ8qVmPIT1HlK+UJiNTRufPkWGbfaOWPdv1HQuBm96Q48Z
         ytbGZ9ID2phgGXlBKk/EgT2RnPIaUtqsozKqnsQzlRcbBWsO00M0j/Gqs5rKkNDsVMFx
         im6wOn5a67TR6KeC4KkDvlvigR/QUEeOeJ7bzsC224F3FgdRF8R8XaoGP1yC2zs1Enkj
         KxEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OHbUhu85;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d24si19496699edq.609.2021.06.30.05.22.02;
        Wed, 30 Jun 2021 05:22:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OHbUhu85;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234459AbhF3MXb (ORCPT <rfc822;mahfouz.saif.elyazal@gmail.com>
        + 99 others); Wed, 30 Jun 2021 08:23:31 -0400
Received: from mail.kernel.org ([198.145.29.99]:43538 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234444AbhF3MXa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 30 Jun 2021 08:23:30 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 91B8E61622;
        Wed, 30 Jun 2021 12:21:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1625055661;
        bh=urERl5tO5goZ6TLzzaZEftHjA9owertzkVYQiHZYC24=;
        h=From:To:Cc:Subject:Date:From;
        b=OHbUhu85T7wIqIbKJ59ahiYZeAhW53VDukQrN+MVx14r3o8Ymtkbk89qd+Z4Yso9X
         yt7337ycHuf0hyCooJTQxYhQWhTxDWTVuNR/Ew71HQvjAEnENFigbZs2JO3zWQ6HTz
         GjuLEZXpqUFTf9L0Y2niSZEM/iwsJWQnQ90/wKenMfGh4v5hrpOJ2A3bGOQkS5Yryk
         Mu5TVxhZuWQ6LKv/hfffzIXFK5D+uMVE/la5BYd0Cs6+YjeBIRjV4PvEVcIAqHKqt5
         h3D1q330Simm5KK6RNHjqw/5RE2sXJxkkp9IJQEUiVZgaXmUAlWNvYvnUPdkV0kAZl
         oxJETBz+fJk7A==
From:   Arnd Bergmann <arnd@kernel.org>
To:     Ulf Hansson <ulf.hansson@linaro.org>
Cc:     Arnd Bergmann <arnd@arndb.de>,
        Jernej Skrabec <jernej.skrabec@gmail.com>,
        Adrian Hunter <adrian.hunter@intel.com>,
        linux-mmc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] mmc: warn for invalid SDIO data buffers
Date:   Wed, 30 Jun 2021 14:20:53 +0200
Message-Id: <20210630122057.2795882-1-arnd@kernel.org>
X-Mailer: git-send-email 2.29.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Arnd Bergmann <arnd@arndb.de>

Jernej Skrabec reported a problem with the cw1200 driver failing on
arm64 systems with CONFIG_VMAP_STACK=y.

The driver in this case passes a pointer to a stack variable (in vmalloc
space) into the sdio layer, which gets translated into an invalid DMA
address.

Even without CONFIG_VMAP_STACK, the driver is still unreliable, as
cache invalidations on the DMA buffer may cause random data corruption
in adjacent stack slots.

This could be worked around in the SDIO core, but in the discussion we
decided that passing a stack variable into SDIO should always be considered
a bug, as it is for USB drivers.

Change the sdio core to produce a one-time warning for any on-stack
(both with and without CONFIG_VMAP_STACK) as well as any vmalloc
or module-local address that would have the same translation problem.

Cc: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/lkml/20210622202345.795578-1-jernej.skrabec@gmail.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/mmc/core/sdio_ops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mmc/core/sdio_ops.c b/drivers/mmc/core/sdio_ops.c
index 4c229dd2b6e5..14e983faf223 100644
--- a/drivers/mmc/core/sdio_ops.c
+++ b/drivers/mmc/core/sdio_ops.c
@@ -6,6 +6,7 @@
  */
 
 #include <linux/scatterlist.h>
+#include <linux/sched/task_stack.h>
 
 #include <linux/mmc/host.h>
 #include <linux/mmc/card.h>
@@ -124,6 +125,7 @@ int mmc_io_rw_extended(struct mmc_card *card, int write, unsigned fn,
 	int err;
 
 	WARN_ON(blksz == 0);
+	WARN_ON_ONCE(is_vmalloc_or_module_addr(buf) || object_is_on_stack(buf));
 
 	/* sanity check */
 	if (addr & ~0x1FFFF)
-- 
2.29.2