* [PATCH] libata: fix using DMA buffers on stack
@ 2019-03-26 3:07 raymond pang
2019-03-26 14:09 ` Jens Axboe
0 siblings, 1 reply; 5+ messages in thread
From: raymond pang @ 2019-03-26 3:07 UTC (permalink / raw)
To: axboe; +Cc: linux-kernel, linux-ide
When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
a stack virtual address. Stack DMA buffers must be avoided.
Signed-off-by: raymond pang <raymondpangxd@gmail.com>
---
drivers/ata/libata-zpodd.c | 36 ++++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/drivers/ata/libata-zpodd.c b/drivers/ata/libata-zpodd.c
index b3ed8f9..5ca0ce5 100644
--- a/drivers/ata/libata-zpodd.c
+++ b/drivers/ata/libata-zpodd.c
@@ -52,38 +52,54 @@ static int eject_tray(struct ata_device *dev)
/* Per the spec, only slot type and drawer type ODD can be supported */
static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev)
{
- char buf[16];
+ char *buf;
unsigned int ret;
- struct rm_feature_desc *desc = (void *)(buf + 8);
+ struct rm_feature_desc *desc;
struct ata_taskfile tf;
static const char cdb[] = { GPCMD_GET_CONFIGURATION,
2, /* only 1 feature descriptor requested */
0, 3, /* 3, removable medium feature */
0, 0, 0,/* reserved */
- 0, sizeof(buf),
+ 0, 16,
0, 0, 0,
};
+ buf = kzalloc(16, GFP_KERNEL);
+ if (!buf) {
+ ata_dev_err(dev, "zpodd mech type buffer allocation failed\n");
+ return ODD_MECH_TYPE_UNSUPPORTED;
+ }
+ desc = (void *)(buf + 8);
+
ata_tf_init(dev, &tf);
tf.flags = ATA_TFLAG_ISADDR | ATA_TFLAG_DEVICE;
tf.command = ATA_CMD_PACKET;
tf.protocol = ATAPI_PROT_PIO;
- tf.lbam = sizeof(buf);
+ tf.lbam = 16;
ret = ata_exec_internal(dev, &tf, cdb, DMA_FROM_DEVICE,
- buf, sizeof(buf), 0);
- if (ret)
+ buf, 16, 0);
+ if (ret) {
+ kzfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (be16_to_cpu(desc->feature_code) != 3)
+ if (be16_to_cpu(desc->feature_code) != 3) {
+ kzfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1)
+ if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1) {
+ kzfree(buf);
return ODD_MECH_TYPE_SLOT;
- else if (desc->mech_type == 1 && desc->load == 0 && desc->eject == 1)
+ } else if (desc->mech_type == 1 && desc->load == 0 &&
+ desc->eject == 1) {
+ kzfree(buf);
return ODD_MECH_TYPE_DRAWER;
- else
+ } else {
+ kzfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
}
/* Test if ODD is zero power ready by sense code */
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] libata: fix using DMA buffers on stack
2019-03-26 3:07 [PATCH] libata: fix using DMA buffers on stack raymond pang
@ 2019-03-26 14:09 ` Jens Axboe
2019-03-28 12:00 ` raymond pang
0 siblings, 1 reply; 5+ messages in thread
From: Jens Axboe @ 2019-03-26 14:09 UTC (permalink / raw)
To: raymond pang; +Cc: linux-kernel, linux-ide
On 3/25/19 9:07 PM, raymond pang wrote:
> When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
> a stack virtual address. Stack DMA buffers must be avoided.
The patch looks fine, but it's white space mangled so it won't apply.
Additionally, you don't need to use kzfree, just use kfree.
--
Jens Axboe
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] libata: fix using DMA buffers on stack
2019-03-26 14:09 ` Jens Axboe
@ 2019-03-28 12:00 ` raymond pang
0 siblings, 0 replies; 5+ messages in thread
From: raymond pang @ 2019-03-28 12:00 UTC (permalink / raw)
To: Jens Axboe; +Cc: linux-kernel, linux-ide
hi Jens,
Thanks for review. I'll fix them up.
Best regards,
Raymond
On Tue, Mar 26, 2019 at 2:09 PM Jens Axboe <axboe@kernel.dk> wrote:
>
> On 3/25/19 9:07 PM, raymond pang wrote:
> > When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
> > a stack virtual address. Stack DMA buffers must be avoided.
>
> The patch looks fine, but it's white space mangled so it won't apply.
> Additionally, you don't need to use kzfree, just use kfree.
>
> --
> Jens Axboe
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] libata: fix using DMA buffers on stack
2019-03-28 12:19 raymond pang
@ 2019-03-28 14:17 ` Jens Axboe
0 siblings, 0 replies; 5+ messages in thread
From: Jens Axboe @ 2019-03-28 14:17 UTC (permalink / raw)
To: raymond pang; +Cc: linux-ide, linux-kernel
On 3/28/19 6:19 AM, raymond pang wrote:
> When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
> a stack virtual address. Stack DMA buffers must be avoided.
Thanks, applied.
--
Jens Axboe
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] libata: fix using DMA buffers on stack
@ 2019-03-28 12:19 raymond pang
2019-03-28 14:17 ` Jens Axboe
0 siblings, 1 reply; 5+ messages in thread
From: raymond pang @ 2019-03-28 12:19 UTC (permalink / raw)
To: axboe; +Cc: linux-ide, linux-kernel
When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
a stack virtual address. Stack DMA buffers must be avoided.
Signed-off-by: raymond pang <raymondpangxd@gmail.com>
---
drivers/ata/libata-zpodd.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/drivers/ata/libata-zpodd.c b/drivers/ata/libata-zpodd.c
index b3ed8f995..173e6f2dd 100644
--- a/drivers/ata/libata-zpodd.c
+++ b/drivers/ata/libata-zpodd.c
@@ -52,38 +52,52 @@ static int eject_tray(struct ata_device *dev)
/* Per the spec, only slot type and drawer type ODD can be supported */
static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev)
{
- char buf[16];
+ char *buf;
unsigned int ret;
- struct rm_feature_desc *desc = (void *)(buf + 8);
+ struct rm_feature_desc *desc;
struct ata_taskfile tf;
static const char cdb[] = { GPCMD_GET_CONFIGURATION,
2, /* only 1 feature descriptor requested */
0, 3, /* 3, removable medium feature */
0, 0, 0,/* reserved */
- 0, sizeof(buf),
+ 0, 16,
0, 0, 0,
};
+ buf = kzalloc(16, GFP_KERNEL);
+ if (!buf)
+ return ODD_MECH_TYPE_UNSUPPORTED;
+ desc = (void *)(buf + 8);
+
ata_tf_init(dev, &tf);
tf.flags = ATA_TFLAG_ISADDR | ATA_TFLAG_DEVICE;
tf.command = ATA_CMD_PACKET;
tf.protocol = ATAPI_PROT_PIO;
- tf.lbam = sizeof(buf);
+ tf.lbam = 16;
ret = ata_exec_internal(dev, &tf, cdb, DMA_FROM_DEVICE,
- buf, sizeof(buf), 0);
- if (ret)
+ buf, 16, 0);
+ if (ret) {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (be16_to_cpu(desc->feature_code) != 3)
+ if (be16_to_cpu(desc->feature_code) != 3) {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
- if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1)
+ if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1) {
+ kfree(buf);
return ODD_MECH_TYPE_SLOT;
- else if (desc->mech_type == 1 && desc->load == 0 && desc->eject == 1)
+ } else if (desc->mech_type == 1 && desc->load == 0 &&
+ desc->eject == 1) {
+ kfree(buf);
return ODD_MECH_TYPE_DRAWER;
- else
+ } else {
+ kfree(buf);
return ODD_MECH_TYPE_UNSUPPORTED;
+ }
}
/* Test if ODD is zero power ready by sense code */
--
2.19.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-03-28 14:17 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-26 3:07 [PATCH] libata: fix using DMA buffers on stack raymond pang
2019-03-26 14:09 ` Jens Axboe
2019-03-28 12:00 ` raymond pang
2019-03-28 12:19 raymond pang
2019-03-28 14:17 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).