kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/p54-avoid-accessing-the-data-mapped-to-streaming-DMA.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   fb63c583ad5afe16582c06f6134bec89e654a208
  2.   patches.suse
  3.   p54-avoid-accessing-the-data-mapped-to-streaming-DMA.patch
Blob History Raw
Takashi Iwai 27e00c 
From 478762855b5ae9f68fa6ead1edf7abada70fcd5f Mon Sep 17 00:00:00 2001
Takashi Iwai 27e00c 
From: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
Takashi Iwai 27e00c 
Date: Sun, 2 Aug 2020 21:29:49 +0800
Takashi Iwai 27e00c 
Subject: [PATCH] p54: avoid accessing the data mapped to streaming DMA
Takashi Iwai 27e00c 
Git-commit: 478762855b5ae9f68fa6ead1edf7abada70fcd5f
Takashi Iwai 27e00c 
Patch-mainline: v5.10-rc1
Takashi Iwai 27e00c 
References: git-fixes
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
In p54p_tx(), skb->data is mapped to streaming DMA on line 337:
Takashi Iwai 27e00c 
  mapping = pci_map_single(..., skb->data, ...);
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
Then skb->data is accessed on line 349:
Takashi Iwai 27e00c 
  desc->device_addr = ((struct p54_hdr *)skb->data)->req_id;
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
This access may cause data inconsistency between CPU cache and hardware.
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
To fix this problem, ((struct p54_hdr *)skb->data)->req_id is stored in
Takashi Iwai 27e00c 
a local variable before DMA mapping, and then the driver accesses this
Takashi Iwai 27e00c 
local variable instead of skb->data.
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
Cc: <stable@vger.kernel.org>
Takashi Iwai 27e00c 
Signed-off-by: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
Takashi Iwai 27e00c 
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Takashi Iwai 27e00c 
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Takashi Iwai 27e00c 
Link: https://lore.kernel.org/r/20200802132949.26788-1-baijiaju@tsinghua.edu.cn
Takashi Iwai 27e00c 
Acked-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
---
Takashi Iwai 27e00c 
 drivers/net/wireless/intersil/p54/p54pci.c |    4 +++-
Takashi Iwai 27e00c 
 1 file changed, 3 insertions(+), 1 deletion(-)
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
--- a/drivers/net/wireless/intersil/p54/p54pci.c
Takashi Iwai 27e00c 
+++ b/drivers/net/wireless/intersil/p54/p54pci.c
Takashi Iwai 27e00c 
@@ -332,10 +332,12 @@ static void p54p_tx(struct ieee80211_hw
Takashi Iwai 27e00c 
 	struct p54p_desc *desc;
Takashi Iwai 27e00c 
 	dma_addr_t mapping;
Takashi Iwai 27e00c 
 	u32 idx, i;
Takashi Iwai 27e00c 
+	__le32 device_addr;
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
 	spin_lock_irqsave(&priv->lock, flags);
Takashi Iwai 27e00c 
 	idx = le32_to_cpu(ring_control->host_idx[1]);
Takashi Iwai 27e00c 
 	i = idx % ARRAY_SIZE(ring_control->tx_data);
Takashi Iwai 27e00c 
+	device_addr = ((struct p54_hdr *)skb->data)->req_id;
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
 	mapping = pci_map_single(priv->pdev, skb->data, skb->len,
Takashi Iwai 27e00c 
 				 PCI_DMA_TODEVICE);
Takashi Iwai 27e00c 
@@ -349,7 +351,7 @@ static void p54p_tx(struct ieee80211_hw
Takashi Iwai 27e00c
Takashi Iwai 27e00c 
 	desc = &ring_control->tx_data[i];
Takashi Iwai 27e00c 
 	desc->host_addr = cpu_to_le32(mapping);
Takashi Iwai 27e00c 
-	desc->device_addr = ((struct p54_hdr *)skb->data)->req_id;
Takashi Iwai 27e00c 
+	desc->device_addr = device_addr;
Takashi Iwai 27e00c 
 	desc->len = cpu_to_le16(skb->len);
Takashi Iwai 27e00c 
 	desc->flags = 0;
Takashi Iwai 27e00c
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.