diff options
| author | Liu Shixin <liushixin2@huawei.com> | 2022-06-30 19:33:31 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-07-02 16:27:40 +0200 |
| commit | 401db6e9a904a2efd855d61d92964700ee9509ed (patch) | |
| tree | 8b35f15432a2d80db6e6b621e5fb5a0abae19986 /README | |
| parent | 7074b39d83f5d71fa4f0521b28bd4fb3a22152c1 (diff) | |
| download | linux-401db6e9a904a2efd855d61d92964700ee9509ed.tar.gz linux-401db6e9a904a2efd855d61d92964700ee9509ed.tar.bz2 linux-401db6e9a904a2efd855d61d92964700ee9509ed.zip | |
swiotlb: skip swiotlb_bounce when orig_addr is zero
After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"),
swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally.
This requires that the physical address must be valid, which is not always
true on stable-4.19 or earlier version.
On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with
orig_addr equal to zero, which cause such a panic:
Unable to handle kernel paging request at virtual address ffffb77a40000000
...
pc : __memcpy+0x100/0x180
lr : swiotlb_bounce+0x74/0x88
...
Call trace:
__memcpy+0x100/0x180
swiotlb_tbl_map_single+0x2c8/0x338
swiotlb_alloc+0xb4/0x198
__dma_alloc+0x84/0x1d8
...
On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single
with orig_addr equal to zero, which can cause same panic.
Fix this by skipping swiotlb_bounce when orig_addr is zero.
Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions