From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, stable <stable@kernel.org>,
Shunsuke Mie <mie@igel.co.jp>
Subject: [PATCH 5.10 54/54] misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
Date: Thu, 13 Oct 2022 19:52:48 +0200 [thread overview]
Message-ID: <20221013175148.642238012@linuxfoundation.org> (raw)
In-Reply-To: <20221013175147.337501757@linuxfoundation.org>
From: Shunsuke Mie <mie@igel.co.jp>
commit 8e30538eca016de8e252bef174beadecd64239f0 upstream.
The dma_map_single() doesn't permit zero length mapping. It causes a follow
panic.
A panic was reported on arm64:
[ 60.137988] ------------[ cut here ]------------
[ 60.142630] kernel BUG at kernel/dma/swiotlb.c:624!
[ 60.147508] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 60.152992] Modules linked in: dw_hdmi_cec crct10dif_ce simple_bridge rcar_fdp1 vsp1 rcar_vin videobuf2_vmalloc rcar_csi2 v4l
2_mem2mem videobuf2_dma_contig videobuf2_memops pci_endpoint_test videobuf2_v4l2 videobuf2_common rcar_fcp v4l2_fwnode v4l2_asyn
c videodev mc gpio_bd9571mwv max9611 pwm_rcar ccree at24 authenc libdes phy_rcar_gen3_usb3 usb_dmac display_connector pwm_bl
[ 60.186252] CPU: 0 PID: 508 Comm: pcitest Not tainted 6.0.0-rc1rpci-dev+ #237
[ 60.193387] Hardware name: Renesas Salvator-X 2nd version board based on r8a77951 (DT)
[ 60.201302] pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 60.208263] pc : swiotlb_tbl_map_single+0x2c0/0x590
[ 60.213149] lr : swiotlb_map+0x88/0x1f0
[ 60.216982] sp : ffff80000a883bc0
[ 60.220292] x29: ffff80000a883bc0 x28: 0000000000000000 x27: 0000000000000000
[ 60.227430] x26: 0000000000000000 x25: ffff0004c0da20d0 x24: ffff80000a1f77c0
[ 60.234567] x23: 0000000000000002 x22: 0001000040000010 x21: 000000007a000000
[ 60.241703] x20: 0000000000200000 x19: 0000000000000000 x18: 0000000000000000
[ 60.248840] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0006ff7b9180
[ 60.255977] x14: ffff0006ff7b9180 x13: 0000000000000000 x12: 0000000000000000
[ 60.263113] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[ 60.270249] x8 : 0001000000000010 x7 : ffff0004c6754b20 x6 : 0000000000000000
[ 60.277385] x5 : ffff0004c0da2090 x4 : 0000000000000000 x3 : 0000000000000001
[ 60.284521] x2 : 0000000040000000 x1 : 0000000000000000 x0 : 0000000040000010
[ 60.291658] Call trace:
[ 60.294100] swiotlb_tbl_map_single+0x2c0/0x590
[ 60.298629] swiotlb_map+0x88/0x1f0
[ 60.302115] dma_map_page_attrs+0x188/0x230
[ 60.306299] pci_endpoint_test_ioctl+0x5e4/0xd90 [pci_endpoint_test]
[ 60.312660] __arm64_sys_ioctl+0xa8/0xf0
[ 60.316583] invoke_syscall+0x44/0x108
[ 60.320334] el0_svc_common.constprop.0+0xcc/0xf0
[ 60.325038] do_el0_svc+0x2c/0xb8
[ 60.328351] el0_svc+0x2c/0x88
[ 60.331406] el0t_64_sync_handler+0xb8/0xc0
[ 60.335587] el0t_64_sync+0x18c/0x190
[ 60.339251] Code: 52800013 d2e00414 35fff45c d503201f (d4210000)
[ 60.345344] ---[ end trace 0000000000000000 ]---
To fix it, this patch adds a checking the payload length if it is zero.
Fixes: 343dc693f7b7 ("misc: pci_endpoint_test: Prevent some integer overflows")
Cc: stable <stable@kernel.org>
Signed-off-by: Shunsuke Mie <mie@igel.co.jp>
Link: https://lore.kernel.org/r/20220907020100.122588-2-mie@igel.co.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/pci_endpoint_test.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -334,6 +334,11 @@ static bool pci_endpoint_test_msi_irq(st
static int pci_endpoint_test_validate_xfer_params(struct device *dev,
struct pci_endpoint_test_xfer_param *param, size_t alignment)
{
+ if (!param->size) {
+ dev_dbg(dev, "Data size is zero\n");
+ return -EINVAL;
+ }
+
if (param->size > SIZE_MAX - alignment) {
dev_dbg(dev, "Maximum transfer data size exceeded\n");
return -EINVAL;
next prev parent reply other threads:[~2022-10-13 17:58 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 17:51 [PATCH 5.10 00/54] 5.10.148-rc1 review Greg Kroah-Hartman
2022-10-13 17:51 ` [PATCH 5.10 01/54] nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() Greg Kroah-Hartman
2022-10-13 17:51 ` [PATCH 5.10 02/54] nilfs2: fix use-after-free bug of struct nilfs_root Greg Kroah-Hartman
2022-10-13 17:51 ` [PATCH 5.10 03/54] nilfs2: fix leak of nilfs_root in case of writer thread creation failure Greg Kroah-Hartman
2022-10-13 17:51 ` [PATCH 5.10 04/54] nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Greg Kroah-Hartman
2022-10-13 17:51 ` [PATCH 5.10 05/54] ceph: dont truncate file in atomic_open Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 06/54] Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 07/54] docs: update mediator information in CoC docs Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 08/54] perf tools: Fixup get_current_dir_name() compilation Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 09/54] xsk: Inherit need_wakeup flag for shared sockets Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 10/54] ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 11/54] mm: gup: fix the fast GUP race against THP collapse Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 12/54] powerpc/64s/radix: dont need to broadcast IPI for radix pmd collapse flush Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 13/54] fs: fix UAF/GPF bug in nilfs_mdt_destroy Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 14/54] compiler_attributes.h: move __compiletime_{error|warning} Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 15/54] firmware: arm_scmi: Add SCMI PM driver remove routine Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 16/54] dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 17/54] dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 18/54] dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 19/54] ARM: dts: fix Moxa SDIO compatible, remove sdhci misnomer Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 20/54] scsi: qedf: Fix a UAF bug in __qedf_probe() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 21/54] net/ieee802154: fix uninit value bug in dgram_sendmsg Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 22/54] ALSA: hda/hdmi: Fix the converter reuse for the silent stream Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 23/54] um: Cleanup syscall_handler_t cast in syscalls_32.h Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 24/54] um: Cleanup compiler warning in arch/x86/um/tls_32.c Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 25/54] arch: um: Mark the stack non-executable to fix a binutils warning Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 26/54] net: atlantic: fix potential memory leak in aq_ndev_close() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 27/54] drm/amd/display: update gamut remap if plane has changed Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 28/54] drm/amd/display: skip audio setup when audio stream is enabled Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 29/54] mmc: core: Replace with already defined values for readability Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 30/54] mmc: core: Terminate infinite loop in SD-UHS voltage switch Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 31/54] usb: mon: make mmapped memory read only Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 32/54] USB: serial: ftdi_sio: fix 300 bps rate for SIO Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 33/54] rpmsg: qcom: glink: replace strncpy() with strscpy_pad() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 34/54] Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 35/54] random: restore O_NONBLOCK support Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 36/54] random: clamp credited irq bits to maximum mixed Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 37/54] ALSA: hda: Fix position reporting on Poulsbo Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 38/54] efi: Correct Macmini DMI match in uefi cert quirk Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 39/54] scsi: stex: Properly zero out the passthrough command structure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 40/54] USB: serial: qcserial: add new usb-id for Dell branded EM7455 Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 41/54] random: avoid reading two cache lines on irq randomness Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 42/54] random: use expired timer rather than wq for mixing fast pool Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 43/54] wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 44/54] wifi: cfg80211/mac80211: reject bad MBSSID elements Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 45/54] wifi: cfg80211: ensure length byte is present before access Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 46/54] wifi: cfg80211: fix BSS refcounting bugs Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 47/54] wifi: cfg80211: avoid nontransmitted BSS list corruption Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 48/54] wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 49/54] wifi: mac80211: fix crash in beacon protection for P2P-device Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 50/54] wifi: cfg80211: update hidden BSSes to avoid WARN_ON Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 51/54] Input: xpad - add supported devices as contributed on github Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 52/54] Input: xpad - fix wireless 360 controller breaking after suspend Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.10 53/54] misc: pci_endpoint_test: Aggregate params checking for xfer Greg Kroah-Hartman
2022-10-13 17:52 ` Greg Kroah-Hartman [this message]
2022-10-13 20:41 ` [PATCH 5.10 00/54] 5.10.148-rc1 review Pavel Machek
2022-10-13 20:41 ` Florian Fainelli
2022-10-14 11:10 ` Naresh Kamboju
2022-10-14 11:49 ` Sudip Mukherjee (Codethink)
2022-10-14 15:54 ` Jon Hunter
2022-10-14 16:37 ` Shuah Khan
2022-10-14 17:29 ` Slade Watkins
2022-10-14 23:07 ` Guenter Roeck
2022-10-15 3:30 ` Rudi Heitbaum
2022-10-17 1:33 ` zhouzhixiu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221013175148.642238012@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mie@igel.co.jp \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.