LKML Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] atm: eni: avoid accessing the data mapped to streaming DMA
@ 2020-08-02  9:16 Jia-Ju Bai
  2020-08-03 22:51 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Jia-Ju Bai @ 2020-08-02  9:16 UTC (permalink / raw)
  To: 3chas3; +Cc: linux-atm-general, netdev, linux-kernel, Jia-Ju Bai

In do_tx(), skb->data is mapped to streaming DMA on line 1111:
  paddr = dma_map_single(...,skb->data,DMA_TO_DEVICE);

Then skb->data is accessed on line 1153:
  (skb->data[3] & 0xf)

This access may cause data inconsistency between CPU cache and hardware.

To fix this problem, skb->data[3] is assigned to a local variable before
DMA mapping, and then the driver accesses this local variable instead of
skb->data[3].

Signed-off-by: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
---
 drivers/atm/eni.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
index 17d47ad03ab7..09f4e2f41363 100644
--- a/drivers/atm/eni.c
+++ b/drivers/atm/eni.c
@@ -1034,6 +1034,7 @@ static enum enq_res do_tx(struct sk_buff *skb)
 	u32 dma_rd,dma_wr;
 	u32 size; /* in words */
 	int aal5,dma_size,i,j;
+	unsigned char skb_data3;
 
 	DPRINTK(">do_tx\n");
 	NULLCHECK(skb);
@@ -1108,6 +1109,7 @@ DPRINTK("iovcnt = %d\n",skb_shinfo(skb)->nr_frags);
 		    vcc->dev->number);
 		return enq_jam;
 	}
+	skb_data3 = skb->data[3];
 	paddr = dma_map_single(&eni_dev->pci_dev->dev,skb->data,skb->len,
 			       DMA_TO_DEVICE);
 	ENI_PRV_PADDR(skb) = paddr;
@@ -1150,7 +1152,7 @@ DPRINTK("doing direct send\n"); /* @@@ well, this doesn't work anyway */
 	    (size/(ATM_CELL_PAYLOAD/4)),tx->send+tx->tx_pos*4);
 /*printk("dsc = 0x%08lx\n",(unsigned long) readl(tx->send+tx->tx_pos*4));*/
 	writel((vcc->vci << MID_SEG_VCI_SHIFT) |
-            (aal5 ? 0 : (skb->data[3] & 0xf)) |
+            (aal5 ? 0 : (skb_data3 & 0xf)) |
 	    (ATM_SKB(skb)->atm_options & ATM_ATMOPT_CLP ? MID_SEG_CLP : 0),
 	    tx->send+((tx->tx_pos+1) & (tx->words-1))*4);
 	DPRINTK("size: %d, len:%d\n",size,skb->len);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] atm: eni: avoid accessing the data mapped to streaming DMA
  2020-08-02  9:16 [PATCH] atm: eni: avoid accessing the data mapped to streaming DMA Jia-Ju Bai
@ 2020-08-03 22:51 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2020-08-03 22:51 UTC (permalink / raw)
  To: baijiaju; +Cc: 3chas3, linux-atm-general, netdev, linux-kernel

From: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
Date: Sun,  2 Aug 2020 17:16:11 +0800

> In do_tx(), skb->data is mapped to streaming DMA on line 1111:
>   paddr = dma_map_single(...,skb->data,DMA_TO_DEVICE);
> 
> Then skb->data is accessed on line 1153:
>   (skb->data[3] & 0xf)
> 
> This access may cause data inconsistency between CPU cache and hardware.
> 
> To fix this problem, skb->data[3] is assigned to a local variable before
> DMA mapping, and then the driver accesses this local variable instead of
> skb->data[3].
> 
> Signed-off-by: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>

Applied.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-02  9:16 [PATCH] atm: eni: avoid accessing the data mapped to streaming DMA Jia-Ju Bai
2020-08-03 22:51 ` David Miller

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git