lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1457515776-12352-2-git-send-email-thunder.leizhen@huawei.com>
Date:	Wed, 9 Mar 2016 17:29:36 +0800
From:	Zhen Lei <thunder.leizhen@...wei.com>
To:	Andrew Morton <akpm@...ux-foundation.org>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	Will Deacon <will.deacon@....com>,
	linux-kernel <linux-kernel@...r.kernel.org>
CC:	Zefan Li <lizefan@...wei.com>, Xinwei Hu <huxinwei@...wei.com>,
	"Tianhong Ding" <dingtianhong@...wei.com>,
	Hanjun Guo <guohanjun@...wei.com>,
	Zhen Lei <thunder.leizhen@...wei.com>
Subject: [PATCH v2 1/1] dma-mapping: to avoid oops when parameter cpu_addr is null

To keep consistent with kfree, which tolerate ptr is NULL. We do this
because sometimes we may use goto statement, so that success and failure
case can share parts of the code. But unfortunately, dma_free_coherent
called with parameter cpu_addr is null will cause oops, such as showed
below:

Unable to handle kernel paging request at virtual address ffffffc020d3b2b8
pgd = ffffffc083a61000
[ffffffc020d3b2b8] *pgd=0000000000000000, *pud=0000000000000000
CPU: 4 PID: 1489 Comm: malloc_dma_1 Tainted: G           O    4.1.12 #1
Hardware name: ARM64 (DT)
task: ffffffc00d7d26c0 ti: ffffffc0837fc000 task.ti: ffffffc0837fc000
PC is at __dma_free_coherent.isra.10+0x74/0xc8
LR is at __dma_free+0x9c/0xb0
pc : [<ffffffc000214d10>] lr : [<ffffffc000214e00>] pstate: 80000145
sp : ffffffc0837ff700
x29: ffffffc0837ff700 x28: 0000000000000000
x27: 0000000000000000 x26: ffffffffffffffff
x25: ffffffc000d1b1d0 x24: ffffffffffffffff
x23: 0000000000a00000 x22: ffffffbfff5fffff
x21: 0000000000100000 x20: ffffffc2e21f7010
x19: ffffffffffffffff x18: 0000000000000000
x17: 0000007f9360a2b0 x16: ffffffc000541040
x15: ffffffffffffffff x14: ffffffffffffffff
x13: ffffffffffffffff x12: 0000000000000001
x11: 0000000000000068 x10: 0000000000000040
x9 : ffffffc000214e00 x8 : ffffffc2e54586b0
x7 : 0000000000000000 x6 : 0000000000000004
x5 : ffffffc000214d64 x4 : 0000000000000000
x3 : 0000000003ffffff x2 : 00000003ffffffff
x1 : 000fffffffffffff x0 : ffffffc000d3b2c0

Process malloc_dma_1 (pid: 1489, stack limit = 0xffffffc0837fc020)
Stack: (0xffffffc0837ff700 to 0xffffffc083800000)
f700: ffffffc0837ff730 ffffffc000214e00 0000000000100000 0000000000000000
f720: ffffffc2e21f7010 ffffffc0837ff7d0 ffffffc0837ff770 ffffffbffc1d6134
f740: ffffffc2e21f7010 00000000000001a0 0000000000000064 ffffffc0837ff7d0
f760: ffffffc000c9fa20 ffffffc0837ffaf0 ffffffc0837ffe10 ffffffc000239b0c
f780: ffffffc00d54a280 ffffffc000d1ef58 ffffffc000957163 ffffffc2e21f7000
[...]
Call trace:
[<ffffffc000214d10>] __dma_free_coherent.isra.10+0x74/0xc8
[<ffffffc000214e00>] __dma_free+0x9c/0xb0
[<ffffffbffc1d6134>] malloc_dma+0x104/0x158 [dma_alloc_coherent_mtmalloc]
[<ffffffc000239b0c>] kthread+0xec/0xfc

Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
---
 include/linux/dma-mapping.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index 75857cd..728ef07 100644
--- a/include/linux/dma-mapping.h
+++ b/include/linux/dma-mapping.h
@@ -386,7 +386,7 @@ static inline void dma_free_attrs(struct device *dev, size_t size,
 	if (dma_release_from_coherent(dev, get_order(size), cpu_addr))
 		return;

-	if (!ops->free)
+	if (!ops->free || !cpu_addr)
 		return;

 	debug_dma_free_coherent(dev, size, cpu_addr, dma_handle);
--
2.5.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ