Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp1056452rwo; Wed, 2 Aug 2023 08:07:57 -0700 (PDT) X-Google-Smtp-Source: APBJJlGWkU2Cjii8EoBZiFkjNJwdrbqiANDJVCKO+rEhN6TsIoyO5eX9NTn2NL2LIWN0VfwIBP7c X-Received: by 2002:a17:90b:384a:b0:268:977d:5253 with SMTP id nl10-20020a17090b384a00b00268977d5253mr14544687pjb.8.1690988876900; Wed, 02 Aug 2023 08:07:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690988876; cv=none; d=google.com; s=arc-20160816; b=h4o02NGegsQzOrIJVD8HTm5bgZV1J4AU7F/kNS6diABL5GHaR4pd2nZ0HKlWFC83Ok ro8u5fJVqTBf7bdKSuoxKI5UYU7KbSRDxVebRAeG34I20fD0E9cUUWI+Oj4/Pkudw20+ WwnRJVzcWy93HreGWpkTpIi7rnGJn4p+7HSh9Q0yANvaM/W7gWDlQK3L9FPsyIFBG8x2 ml5ZcK7ABJLEYtvtnnxI4uMeHcKAdbsEI+AX4S/H8BwJslBEpQpRpe48rIDjNI9RlHiU 6VtmRCncYwJv+P6UlODoAWegkrLKLKjUR0hexMeVIi2aKuOLBmrGiP/GMCHEGrI0l+Jh Ko5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from :dkim-signature; bh=KtC6qM1UVfT+yCOPBYN8p2tmEnhHKJcI+UMpzdtEc48=; fh=TnMRDi3L0sQlniDGL1hLZ2IIl7MhP13XMPTS/HLyrTU=; b=VcSKPF2LXm01eUcyoP/8mNZrDEJMQ9zicGKoX+RqFnmLMcLM3fAM9WwrY3EUEPdi3F voCcOPWojttzbK4R2x08YmFpe7vWCEYD5kqM1JLseERJNnT8CQNquG/sRA5YBTWOT9pY BxJHi7+FyLiBU7TuUgEk1KMjFxZu4jaUzoWp2RwksDb3709Dlk/cBtNRuSkgho112Cd8 4bDgltqOsNIfYNme+/s6iBODlZ9B6QI2iJ54zwDWiFVyNTpMm1oVeWjSAsDBN2XXVkVY TFuiSnXw1/zY9DATgXjEMpiDIn10hLwq8k5jKVPjr8cWDv3I1BQxrBONQxutpcC0/47O 6nFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=eCNcvhpo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id me15-20020a17090b17cf00b00263a2156cd5si1427008pjb.30.2023.08.02.08.07.19; Wed, 02 Aug 2023 08:07:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=eCNcvhpo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234518AbjHBN6A (ORCPT + 99 others); Wed, 2 Aug 2023 09:58:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234334AbjHBN5t (ORCPT ); Wed, 2 Aug 2023 09:57:49 -0400 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C8932115; Wed, 2 Aug 2023 06:57:48 -0700 (PDT) Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 372DSQex004059; Wed, 2 Aug 2023 13:57:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : mime-version : content-type; s=qcppdkim1; bh=KtC6qM1UVfT+yCOPBYN8p2tmEnhHKJcI+UMpzdtEc48=; b=eCNcvhpozgP2ojT5zJUnCp8ai+9ovfwXGaTHrpRQpWktMTkOMA0zHT2TsgkNXNjG/6V+ ls/CP3fbumNT3kUIqe64Ob4f43kIGfBZ90+5ynVMqqCnqG6yBa+y5kzNfIgyA8M8pnrV 5ys4rCMttFKluHYpP2PtI7kSUKHkrHccijcKAmTjHCaFmbQwpykU8g6rkqaEnbq8QAIm 2OsrmgVOIO2aWipr/q2iYorFi52FiEtkNn0Jom1uDbq7aoTHKTrtMZm7lPBOKM9Ksx81 QuwKPJRYnoqBiZJcq6PToudPKwicmJicUsSJ5/75pycu5AkGcVTJVQHW0BUvHr9yqv3z Og== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3s75b32hwr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 02 Aug 2023 13:57:44 +0000 Received: from nalasex01b.na.qualcomm.com (nalasex01b.na.qualcomm.com [10.47.209.197]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 372DvhmA029369 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 2 Aug 2023 13:57:43 GMT Received: from ekangupt-linux.qualcomm.com (10.80.80.8) by nalasex01b.na.qualcomm.com (10.47.209.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Wed, 2 Aug 2023 06:57:40 -0700 From: Ekansh Gupta To: , CC: Ekansh Gupta , , , , , stable Subject: [PATCH v4] misc: fastrpc: Fix incorrect DMA mapping unmap request Date: Wed, 2 Aug 2023 19:27:36 +0530 Message-ID: <1690984656-11761-1-git-send-email-quic_ekangupt@quicinc.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nalasex01b.na.qualcomm.com (10.47.209.197) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: cQZ7JW5RUqBuEAjPK6LVh0_5KYcJmasK X-Proofpoint-ORIG-GUID: cQZ7JW5RUqBuEAjPK6LVh0_5KYcJmasK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-08-02_09,2023-08-01_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 spamscore=0 mlxlogscore=967 bulkscore=0 clxscore=1015 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2308020124 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Scatterlist table is obtained during map create request and the same table is used for DMA mapping unmap. In case there is any failure while getting the sg_table, ERR_PTR is returned instead of sg_table. When the map is getting freed, there is only a non-NULL check of sg_table which will also be true in case failure was returned instead of sg_table. This would result in improper unmap request. Add proper check before setting map table to avoid bad unmap request. Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method") Cc: stable Signed-off-by: Ekansh Gupta --- Changes in v2: - Added fixes information to commit text Changes in v3: - Set map->table only if attachment for successful Changes in v4: - Use correct dma buf attachment function drivers/misc/fastrpc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index 9666d28..b2c62b2 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -756,6 +756,7 @@ static int fastrpc_map_create(struct fastrpc_user *fl, int fd, { struct fastrpc_session_ctx *sess = fl->sctx; struct fastrpc_map *map = NULL; + struct sg_table *table; int err = 0; if (!fastrpc_map_lookup(fl, fd, ppmap, true)) @@ -783,11 +784,12 @@ static int fastrpc_map_create(struct fastrpc_user *fl, int fd, goto attach_err; } - map->table = dma_buf_map_attachment_unlocked(map->attach, DMA_BIDIRECTIONAL); - if (IS_ERR(map->table)) { - err = PTR_ERR(map->table); + table = dma_buf_map_attachment_unlocked(map->attach, DMA_BIDIRECTIONAL); + if (IS_ERR(table)) { + err = PTR_ERR(table); goto map_err; } + map->table = table; if (attr & FASTRPC_ATTR_SECUREMAP) { map->phys = sg_phys(map->table->sgl); -- 2.7.4