[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210630122057.2795882-1-arnd@kernel.org>
Date: Wed, 30 Jun 2021 14:20:53 +0200
From: Arnd Bergmann <arnd@...nel.org>
To: Ulf Hansson <ulf.hansson@...aro.org>
Cc: Arnd Bergmann <arnd@...db.de>,
Jernej Skrabec <jernej.skrabec@...il.com>,
Adrian Hunter <adrian.hunter@...el.com>,
linux-mmc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] mmc: warn for invalid SDIO data buffers
From: Arnd Bergmann <arnd@...db.de>
Jernej Skrabec reported a problem with the cw1200 driver failing on
arm64 systems with CONFIG_VMAP_STACK=y.
The driver in this case passes a pointer to a stack variable (in vmalloc
space) into the sdio layer, which gets translated into an invalid DMA
address.
Even without CONFIG_VMAP_STACK, the driver is still unreliable, as
cache invalidations on the DMA buffer may cause random data corruption
in adjacent stack slots.
This could be worked around in the SDIO core, but in the discussion we
decided that passing a stack variable into SDIO should always be considered
a bug, as it is for USB drivers.
Change the sdio core to produce a one-time warning for any on-stack
(both with and without CONFIG_VMAP_STACK) as well as any vmalloc
or module-local address that would have the same translation problem.
Cc: Jernej Skrabec <jernej.skrabec@...il.com>
Link: https://lore.kernel.org/lkml/20210622202345.795578-1-jernej.skrabec@gmail.com/
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/mmc/core/sdio_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mmc/core/sdio_ops.c b/drivers/mmc/core/sdio_ops.c
index 4c229dd2b6e5..14e983faf223 100644
--- a/drivers/mmc/core/sdio_ops.c
+++ b/drivers/mmc/core/sdio_ops.c
@@ -6,6 +6,7 @@
*/
#include <linux/scatterlist.h>
+#include <linux/sched/task_stack.h>
#include <linux/mmc/host.h>
#include <linux/mmc/card.h>
@@ -124,6 +125,7 @@ int mmc_io_rw_extended(struct mmc_card *card, int write, unsigned fn,
int err;
WARN_ON(blksz == 0);
+ WARN_ON_ONCE(is_vmalloc_or_module_addr(buf) || object_is_on_stack(buf));
/* sanity check */
if (addr & ~0x1FFFF)
--
2.29.2
Powered by blists - more mailing lists