linux-kernel.vger.kernel.org archive mirror
From: Arnd Bergmann <arnd@kernel.org>
To: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
	Jernej Skrabec <jernej.skrabec@gmail.com>,
	Adrian Hunter <adrian.hunter@intel.com>,
	linux-mmc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] mmc: warn for invalid SDIO data buffers
Date: Wed, 30 Jun 2021 14:20:53 +0200
Message-ID: <20210630122057.2795882-1-arnd@kernel.org>

From: Arnd Bergmann <arnd@arndb.de>

Jernej Skrabec reported a problem with the cw1200 driver failing on
arm64 systems with CONFIG_VMAP_STACK=y.

The driver in this case passes a pointer to a stack variable (in vmalloc
space) into the sdio layer, which gets translated into an invalid DMA
address.

Even without CONFIG_VMAP_STACK, the driver is still unreliable, as
cache invalidations on the DMA buffer may cause random data corruption
in adjacent stack slots.

This could be worked around in the SDIO core, but in the discussion we
decided that passing a stack variable into SDIO should always be considered
a bug, as it is for USB drivers.

Change the sdio core to produce a one-time warning for any on-stack
(both with and without CONFIG_VMAP_STACK) as well as any vmalloc
or module-local address that would have the same translation problem.

Cc: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/lkml/20210622202345.795578-1-jernej.skrabec@gmail.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/mmc/core/sdio_ops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mmc/core/sdio_ops.c b/drivers/mmc/core/sdio_ops.c
index 4c229dd2b6e5..14e983faf223 100644
--- a/drivers/mmc/core/sdio_ops.c
+++ b/drivers/mmc/core/sdio_ops.c
@@ -6,6 +6,7 @@
  */
 
 #include <linux/scatterlist.h>
+#include <linux/sched/task_stack.h>
 
 #include <linux/mmc/host.h>
 #include <linux/mmc/card.h>
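
Review bot: the only header added in this hunk is <linux/sched/task_stack.h>, which covers object_is_on_stack(); the other helper the patch calls, is_vmalloc_or_module_addr(), gets no matching include in the visible lines and so depends on a transitive include. Add <linux/mm.h> explicitly next to the new include, and confirm the symbol is usable from this file in a modular build before merging.
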
@@ -124,6 +125,7 @@ int mmc_io_rw_extended(struct mmc_card *card, int write, unsigned fn,
 	int err;
 
 	WARN_ON(blksz == 0);
+	WARN_ON_ONCE(is_vmalloc_or_module_addr(buf) || object_is_on_stack(buf));
 
 	/* sanity check */
 	if (addr & ~0x1FFFF)
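
Review bot: the new WARN_ON_ONCE() in mmc_io_rw_extended() only reports the bad buffer and then lets the transfer continue, so a stack, vmalloc or module address still goes on to the DMA path, which the commit message says ends in an invalid DMA address or corruption of adjacent stack slots. Consider failing the request instead, for example `if (WARN_ON_ONCE(is_vmalloc_or_module_addr(buf) || object_is_on_stack(buf))) return -EINVAL;`, or say in the commit message why continuing is acceptable. A short comment above the check stating that buf must be a DMA-capable (kmalloc-style) buffer would help driver authors who hit the warning, and since it fires only once, a second offending driver on the same system goes unreported.
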
-- 
2.29.2

