Eric Auger
2019-Jul-22 16:51 UTC
[PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
We currently have cases where the dma_addressing_limited() gets called with dma_mask unset. This causes a NULL pointer dereference. Use dma_get_mask() accessor to prevent the crash. Fixes: b866455423e0 ("dma-mapping: add a dma_addressing_limited helper") Signed-off-by: Eric Auger <eric.auger at redhat.com> --- v1 -> v2: - was [PATCH 1/2] dma-mapping: Protect dma_addressing_limited against NULL dma_mask - Use dma_get_mask --- include/linux/dma-mapping.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index e11b115dd0e4..f7d1eea32c78 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h @@ -689,8 +689,8 @@ static inline int dma_coerce_mask_and_coherent(struct device *dev, u64 mask) */ static inline bool dma_addressing_limited(struct device *dev) { - return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) < - dma_get_required_mask(dev); + return min_not_zero(dma_get_mask(dev), dev->bus_dma_mask) < + dma_get_required_mask(dev); } #ifdef CONFIG_ARCH_HAS_SETUP_DMA_OPS -- 2.20.1
Auger Eric
2019-Jul-22 16:56 UTC
[PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
Hi Christoph, On 7/22/19 6:51 PM, Eric Auger wrote:> We currently have cases where the dma_addressing_limited() gets > called with dma_mask unset. This causes a NULL pointer dereference. > > Use dma_get_mask() accessor to prevent the crash. > > Fixes: b866455423e0 ("dma-mapping: add a dma_addressing_limited helper") > Signed-off-by: Eric Auger <eric.auger at redhat.com>As a follow-up of my last email, here is a patch featuring dma_get_mask(). But you don't have the WARN_ON_ONCE anymore, pointing out suspect users. Feel free to pick up your preferred approach Thanks Eric> > --- > > v1 -> v2: > - was [PATCH 1/2] dma-mapping: Protect dma_addressing_limited > against NULL dma_mask > - Use dma_get_mask > --- > include/linux/dma-mapping.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h > index e11b115dd0e4..f7d1eea32c78 100644 > --- a/include/linux/dma-mapping.h > +++ b/include/linux/dma-mapping.h > @@ -689,8 +689,8 @@ static inline int dma_coerce_mask_and_coherent(struct device *dev, u64 mask) > */ > static inline bool dma_addressing_limited(struct device *dev) > { > - return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) < > - dma_get_required_mask(dev); > + return min_not_zero(dma_get_mask(dev), dev->bus_dma_mask) < > + dma_get_required_mask(dev); > } > > #ifdef CONFIG_ARCH_HAS_SETUP_DMA_OPS >
Michael S. Tsirkin
2019-Jul-22 18:45 UTC
[PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
On Mon, Jul 22, 2019 at 06:51:49PM +0200, Eric Auger wrote:> We currently have cases where the dma_addressing_limited() gets > called with dma_mask unset. This causes a NULL pointer dereference. > > Use dma_get_mask() accessor to prevent the crash. > > Fixes: b866455423e0 ("dma-mapping: add a dma_addressing_limited helper") > Signed-off-by: Eric Auger <eric.auger at redhat.com>Acked-by: Michael S. Tsirkin <mst at redhat.com> If possible I really prefer this approach: avoids changing all callers and uses documented interfaces.> --- > > v1 -> v2: > - was [PATCH 1/2] dma-mapping: Protect dma_addressing_limited > against NULL dma_mask > - Use dma_get_mask > --- > include/linux/dma-mapping.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h > index e11b115dd0e4..f7d1eea32c78 100644 > --- a/include/linux/dma-mapping.h > +++ b/include/linux/dma-mapping.h > @@ -689,8 +689,8 @@ static inline int dma_coerce_mask_and_coherent(struct device *dev, u64 mask) > */ > static inline bool dma_addressing_limited(struct device *dev) > { > - return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) < > - dma_get_required_mask(dev); > + return min_not_zero(dma_get_mask(dev), dev->bus_dma_mask) < > + dma_get_required_mask(dev); > } > > #ifdef CONFIG_ARCH_HAS_SETUP_DMA_OPS > -- > 2.20.1
Michael S. Tsirkin
2019-Jul-22 18:57 UTC
[PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
On Mon, Jul 22, 2019 at 06:56:49PM +0200, Auger Eric wrote:> Hi Christoph, > > On 7/22/19 6:51 PM, Eric Auger wrote: > > We currently have cases where the dma_addressing_limited() gets > > called with dma_mask unset. This causes a NULL pointer dereference. > > > > Use dma_get_mask() accessor to prevent the crash. > > > > Fixes: b866455423e0 ("dma-mapping: add a dma_addressing_limited helper") > > Signed-off-by: Eric Auger <eric.auger at redhat.com> > > As a follow-up of my last email, here is a patch featuring > dma_get_mask(). But you don't have the WARN_ON_ONCE anymore, pointing > out suspect users.OTOH these users then simply become okay so no need for WARN_ON_ONCE then :)> Feel free to pick up your preferred approach > > Thanks > > Eric > > > > --- > > > > v1 -> v2: > > - was [PATCH 1/2] dma-mapping: Protect dma_addressing_limited > > against NULL dma_mask > > - Use dma_get_mask > > --- > > include/linux/dma-mapping.h | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h > > index e11b115dd0e4..f7d1eea32c78 100644 > > --- a/include/linux/dma-mapping.h > > +++ b/include/linux/dma-mapping.h > > @@ -689,8 +689,8 @@ static inline int dma_coerce_mask_and_coherent(struct device *dev, u64 mask) > > */ > > static inline bool dma_addressing_limited(struct device *dev) > > { > > - return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) < > > - dma_get_required_mask(dev); > > + return min_not_zero(dma_get_mask(dev), dev->bus_dma_mask) < > > + dma_get_required_mask(dev); > > } > > > > #ifdef CONFIG_ARCH_HAS_SETUP_DMA_OPS > >
Christoph Hellwig
2019-Jul-23 15:37 UTC
[PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
On Mon, Jul 22, 2019 at 06:56:49PM +0200, Auger Eric wrote:> Hi Christoph, > > On 7/22/19 6:51 PM, Eric Auger wrote: > > We currently have cases where the dma_addressing_limited() gets > > called with dma_mask unset. This causes a NULL pointer dereference. > > > > Use dma_get_mask() accessor to prevent the crash. > > > > Fixes: b866455423e0 ("dma-mapping: add a dma_addressing_limited helper") > > Signed-off-by: Eric Auger <eric.auger at redhat.com> > > As a follow-up of my last email, here is a patch featuring > dma_get_mask(). But you don't have the WARN_ON_ONCE anymore, pointing > out suspect users. > > Feel free to pick up your preferred approachI can take this for now as we are past the merge window.
Maybe Matching Threads
- [PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
- [PATCH 0/2] Fix NULL pointer dereference with virtio-blk-pci and virtual IOMMU
- [PATCH v2] dma-mapping: Use dma_get_mask in dma_addressing_limited
- [PATCH 1/2] dma-mapping: Protect dma_addressing_limited against NULL dma_mask
- [PATCH 1/2] dma-mapping: Protect dma_addressing_limited against NULL dma_mask