Stable Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] dma-mapping: Use unsigned types for size checks
@ 2019-08-12 19:03 Isaac J. Manjarres
       [not found] ` <20190813124814.A17F320578@mail.kernel.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Isaac J. Manjarres @ 2019-08-12 19:03 UTC (permalink / raw)
  To: hch, m.szyprowski, robin.murphy
  Cc: Isaac J. Manjarres, iommu, linux-kernel, pratikp, lmark, stable

Both the size parameter in the dma_alloc_from_[dev/global]_coherent()
functions and the size field in the dma_coherent_mem structure
are represented by a signed quantity, which makes it so that any
comparisons between these two quantities is a signed comparison.

When a reserved memory region is larger than or equal to 2GB in
size, this will cause the most significant bit to be set to 1,
thus, treating the size as a negative number in signed
comparisons.

This can result in allocation failures when an amount of
memory that is strictly less than 2 GB is requested from
this region. The allocation fails because the signed comparison
to prevent from allocating more memory than what is in the
region in __dma_alloc_from_coherent() evaluates to true since
the size of the region is treated as a negative number, but the
size of the request is treated as a positive number.

Thus, change the type of the size parameter in the allocation
functions to an unsigned type, and change the type of the
size field in the dma_coherent_mem structure to an unsigned type
as well, as it does not make sense for sizes to be represented
by signed quantities.

Fixes: ee7e5516be4f ("generic: per-device coherent dma allocator")
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Cc: stable@vger.kernel.org
---
 include/linux/dma-mapping.h | 6 +++---
 kernel/dma/coherent.c       | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index f7d1eea..06d446d 100644
--- a/include/linux/dma-mapping.h
+++ b/include/linux/dma-mapping.h
@@ -159,14 +159,14 @@ static inline int is_device_dma_capable(struct device *dev)
  * These three functions are only for dma allocator.
  * Don't use them in device drivers.
  */
-int dma_alloc_from_dev_coherent(struct device *dev, ssize_t size,
+int dma_alloc_from_dev_coherent(struct device *dev, size_t size,
 				       dma_addr_t *dma_handle, void **ret);
 int dma_release_from_dev_coherent(struct device *dev, int order, void *vaddr);
 
 int dma_mmap_from_dev_coherent(struct device *dev, struct vm_area_struct *vma,
 			    void *cpu_addr, size_t size, int *ret);
 
-void *dma_alloc_from_global_coherent(ssize_t size, dma_addr_t *dma_handle);
+void *dma_alloc_from_global_coherent(size_t size, dma_addr_t *dma_handle);
 int dma_release_from_global_coherent(int order, void *vaddr);
 int dma_mmap_from_global_coherent(struct vm_area_struct *vma, void *cpu_addr,
 				  size_t size, int *ret);
@@ -176,7 +176,7 @@ int dma_mmap_from_global_coherent(struct vm_area_struct *vma, void *cpu_addr,
 #define dma_release_from_dev_coherent(dev, order, vaddr) (0)
 #define dma_mmap_from_dev_coherent(dev, vma, vaddr, order, ret) (0)
 
-static inline void *dma_alloc_from_global_coherent(ssize_t size,
+static inline void *dma_alloc_from_global_coherent(size_t size,
 						   dma_addr_t *dma_handle)
 {
 	return NULL;
diff --git a/kernel/dma/coherent.c b/kernel/dma/coherent.c
index 29fd659..c671d5c 100644
--- a/kernel/dma/coherent.c
+++ b/kernel/dma/coherent.c
@@ -13,7 +13,7 @@ struct dma_coherent_mem {
 	void		*virt_base;
 	dma_addr_t	device_base;
 	unsigned long	pfn_base;
-	int		size;
+	unsigned long	size;
 	unsigned long	*bitmap;
 	spinlock_t	spinlock;
 	bool		use_dev_dma_pfn_offset;
@@ -136,7 +136,7 @@ void dma_release_declared_memory(struct device *dev)
 EXPORT_SYMBOL(dma_release_declared_memory);
 
 static void *__dma_alloc_from_coherent(struct dma_coherent_mem *mem,
-		ssize_t size, dma_addr_t *dma_handle)
+		size_t size, dma_addr_t *dma_handle)
 {
 	int order = get_order(size);
 	unsigned long flags;
@@ -179,7 +179,7 @@ static void *__dma_alloc_from_coherent(struct dma_coherent_mem *mem,
  * Returns 0 if dma_alloc_coherent should continue with allocating from
  * generic memory areas, or !0 if dma_alloc_coherent should return @ret.
  */
-int dma_alloc_from_dev_coherent(struct device *dev, ssize_t size,
+int dma_alloc_from_dev_coherent(struct device *dev, size_t size,
 		dma_addr_t *dma_handle, void **ret)
 {
 	struct dma_coherent_mem *mem = dev_get_coherent_memory(dev);
@@ -191,7 +191,7 @@ int dma_alloc_from_dev_coherent(struct device *dev, ssize_t size,
 	return 1;
 }
 
-void *dma_alloc_from_global_coherent(ssize_t size, dma_addr_t *dma_handle)
+void *dma_alloc_from_global_coherent(size_t size, dma_addr_t *dma_handle)
 {
 	if (!dma_coherent_default_memory)
 		return NULL;
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] dma-mapping: Use unsigned types for size checks
       [not found] ` <20190813124814.A17F320578@mail.kernel.org>
@ 2019-08-13 16:36   ` isaacm
  0 siblings, 0 replies; 2+ messages in thread
From: isaacm @ 2019-08-13 16:36 UTC (permalink / raw)
  To: Sasha Levin; +Cc: hch, m.szyprowski, robin.murphy, stable

On 2019-08-13 05:48, Sasha Levin wrote:
> Hi,
> 
> [This is an automated email]
> 
> This commit has been processed because it contains a "Fixes:" tag,
> fixing commit: ee7e5516be4f generic: per-device coherent dma allocator.
> 
> The bot has tested the following trees: v5.2.8, v4.19.66, v4.14.138,
> v4.9.189, v4.4.189.
> 
> v5.2.8: Build OK!
> v4.19.66: Failed to apply! Possible dependencies:
>     Unable to calculate
> 
> v4.14.138: Failed to apply! Possible dependencies:
>     Unable to calculate
> 
> v4.9.189: Failed to apply! Possible dependencies:
>     43fc509c3efb ("dma-coherent: introduce interface for default DMA 
> pool")
>     92f66f84d969 ("arm64: Fix the DMA mmap and get_sgtable API with
> DMA_ATTR_FORCE_CONTIGUOUS")
>     93228b44c33a ("drivers: dma-coherent: Introduce default DMA pool")
>     c41f9ea998f3 ("drivers: dma-coherent: Account dma_pfn_offset when
> used with device tree")
> 
> v4.4.189: Failed to apply! Possible dependencies:
>     052c96dbe33b ("arc: convert to dma_map_ops")
>     20d666e41166 ("dma-mapping: remove <asm-generic/dma-coherent.h>")
>     340f3039acd6 ("m68k: convert to dma_map_ops")
>     4605f04b2893 ("c6x: convert to dma_map_ops")
>     5348c1e9e0dc ("metag: convert to dma_map_ops")
>     5a1a67f1d7fe ("nios2: convert to dma_map_ops")
>     6f62097583e7 ("blackfin: convert to dma_map_ops")
>     79387179e2e4 ("parisc: convert to dma_map_ops")
>     a34a517ac96c ("avr32: convert to dma_map_ops")
>     e1c7e324539a ("dma-mapping: always provide the dma_map_ops based
> implementation")
>     e20dd88995df ("cris: convert to dma_map_ops")
>     eae075196305 ("frv: convert to dma_map_ops")
>     f151341ca00e ("mn10300: convert to dma_map_ops")
> 
> 
> NOTE: The patch will not be queued to stable trees until it is 
> upstream.
> 
> How should we proceed with this patch?
> 
> --
> Thanks,
> Sasha

If everyone is okay with this patch, then we can just apply it on the 
mainline kernel.
The change can be backported to the older kernels at a later point in 
time.

Thanks,
Isaac

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-12 19:03 [PATCH] dma-mapping: Use unsigned types for size checks Isaac J. Manjarres
     [not found] ` <20190813124814.A17F320578@mail.kernel.org>
2019-08-13 16:36   ` isaacm

Stable Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ https://lore.kernel.org/stable \
		stable@vger.kernel.org stable@archiver.kernel.org
	public-inbox-index stable


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.stable


AGPL code for this site: git clone https://public-inbox.org/ public-inbox