From: Robin Murphy <robin.murphy@arm.com>
To: joro@8bytes.org, will@kernel.org
Cc: iommu@lists.linux-foundation.org, suravee.suthikulpanit@amd.com,
baolu.lu@linux.intel.com, willy@infradead.org,
linux-kernel@vger.kernel.org, john.garry@huawei.com,
linux-mm@kvack.org, Thierry Reding <thierry.reding@gmail.com>,
Mikko Perttunen <mperttunen@nvidia.com>,
dri-devel@lists.freedesktop.org
Subject: [PATCH v2 03/11] drm/tegra: vic: Fix DMA API misuse
Date: Fri, 10 Dec 2021 17:54:44 +0000 [thread overview]
Message-ID: <6b86f6e530b504a5eee864af10e2ae1570d7b645.1639157090.git.robin.murphy@arm.com> (raw)
In-Reply-To: <cover.1639157090.git.robin.murphy@arm.com>
Upon failure, dma_alloc_coherent() returns NULL. If that does happen,
passing some uninitialised stack contents to dma_mapping_error() - which
belongs to a different API in the first place - has precious little
chance of detecting it.
Also include the correct header, because the fragile transitive
inclusion currently providing it is going to break soon.
Fixes: 20e7dce255e9 ("drm/tegra: Remove memory allocation from Falcon library")
CC: Thierry Reding <thierry.reding@gmail.com>
CC: Mikko Perttunen <mperttunen@nvidia.com>
CC: dri-devel@lists.freedesktop.org
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
---
It also doesn't appear to handle failure of the tegra_drm_alloc() path
either, but that's a loose thread I have no desire to pull on... ;)
v2: Resend as part of the series, originally posted separately here:
https://lore.kernel.org/dri-devel/2703882439344010e33bf21ecd63cf9e5e6dc00d.1637781007.git.robin.murphy@arm.com/
drivers/gpu/drm/tegra/vic.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/tegra/vic.c b/drivers/gpu/drm/tegra/vic.c
index c02010ff2b7f..da4af5371991 100644
--- a/drivers/gpu/drm/tegra/vic.c
+++ b/drivers/gpu/drm/tegra/vic.c
@@ -5,6 +5,7 @@
#include <linux/clk.h>
#include <linux/delay.h>
+#include <linux/dma-mapping.h>
#include <linux/host1x.h>
#include <linux/iommu.h>
#include <linux/module.h>
@@ -232,10 +233,8 @@ static int vic_load_firmware(struct vic *vic)
if (!client->group) {
virt = dma_alloc_coherent(vic->dev, size, &iova, GFP_KERNEL);
-
- err = dma_mapping_error(vic->dev, iova);
- if (err < 0)
- return err;
+ if (!virt)
+ return -ENOMEM;
} else {
virt = tegra_drm_alloc(tegra, size, &iova);
}
--
2.28.0.dirty
next prev parent reply other threads:[~2021-12-10 17:55 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-10 17:54 [PATCH v2 00/11] iommu: refactor flush queues into iommu-dma Robin Murphy
2021-12-10 17:54 ` [PATCH v2 01/11] iommu/iova: Fix race between FQ timeout and teardown Robin Murphy
2021-12-10 18:04 ` John Garry
2021-12-10 18:13 ` Robin Murphy
2021-12-10 19:19 ` John Garry
2021-12-10 17:54 ` [PATCH v2 02/11] gpu: host1x: Add missing DMA API include Robin Murphy
2021-12-16 8:53 ` Thierry Reding
2021-12-10 17:54 ` Robin Murphy [this message]
2021-12-16 8:01 ` [PATCH v2 03/11] drm/tegra: vic: Fix DMA API misuse Christoph Hellwig
2021-12-16 8:55 ` Thierry Reding
2021-12-10 17:54 ` [PATCH v2 04/11] iommu/iova: Squash entry_dtor abstraction Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-16 8:02 ` Christoph Hellwig
2021-12-10 17:54 ` [PATCH v2 05/11] iommu/iova: Squash flush_cb abstraction Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-16 8:02 ` Christoph Hellwig
2021-12-17 12:08 ` Robin Murphy
2021-12-10 17:54 ` [PATCH v2 06/11] iommu/amd: Simplify pagetable freeing Robin Murphy
2021-12-10 17:54 ` [PATCH v2 07/11] iommu/amd: Use put_pages_list Robin Murphy
2021-12-10 17:54 ` [PATCH v2 08/11] iommu/vt-d: " Robin Murphy
2021-12-10 17:54 ` [PATCH v2 09/11] iommu/iova: Consolidate flush queue code Robin Murphy
2021-12-14 16:39 ` John Garry
2021-12-10 17:54 ` [PATCH v2 10/11] iommu/iova: Move flush queue code to iommu-dma Robin Murphy
2021-12-14 16:40 ` John Garry
2021-12-14 17:18 ` John Garry
2021-12-14 17:50 ` Robin Murphy
2021-12-10 17:54 ` [PATCH v2 11/11] iommu: Move flush queue data into iommu_dma_cookie Robin Murphy
2021-12-10 23:30 ` kernel test robot
2021-12-10 23:50 ` kernel test robot
2021-12-14 17:16 ` John Garry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6b86f6e530b504a5eee864af10e2ae1570d7b645.1639157090.git.robin.murphy@arm.com \
--to=robin.murphy@arm.com \
--cc=baolu.lu@linux.intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=iommu@lists.linux-foundation.org \
--cc=john.garry@huawei.com \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mperttunen@nvidia.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=thierry.reding@gmail.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).