linux-kernel - [PATCH] ath10k: fix invalid dma_addr

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date:   Thu, 14 Oct 2021 09:51:15 +0200
From:   Arnd Bergmann <arnd@...nel.org>
To:     Kalle Valo <kvalo@...eaurora.org>,
        Alagu Sankar <alagusankar@...ex-india.com>
Cc:     Arnd Bergmann <arnd@...db.de>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Brian Norris <briannorris@...omium.org>,
        Wen Gong <wgong@...eaurora.org>,
        Tamizh Chelvam <tamizhr@...eaurora.org>,
        Carl Huang <cjhuang@...eaurora.org>,
        Miaoqing Pan <miaoqing@...eaurora.org>,
        Ben Greear <greearb@...delatech.com>,
        Erik Stromdahl <erik.stromdahl@...il.com>,
        Fabio Estevam <festevam@...x.de>, ath10k@...ts.infradead.org,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] ath10k: fix invalid dma_addr_t token assignment

From: Arnd Bergmann <arnd@...db.de>

Using a kernel pointer in place of a dma_addr_t token can
lead to undefined behavior if that makes it into cache
management functions. The compiler caught one such attempt
in a cast:

drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_add_interface':
drivers/net/wireless/ath/ath10k/mac.c:5586:47: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
 5586 |                         arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
      |                                               ^

Looking through how this gets used down the way, I'm fairly
sure that beacon_paddr is never accessed again for ATH10K_DEV_TYPE_HL
devices, and if it was accessed, that would be a bug.

Change the assignment to use a known-invalid address token
instead, which avoids the warning and makes it easier to catch
bugs if it does end up getting used.

Fixes: e263bdab9c0e ("ath10k: high latency fixes for beacon buffer")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
 drivers/net/wireless/ath/ath10k/mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 7ca68c81d9b6..c0e78eaa65f8 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -5583,7 +5583,7 @@ static int ath10k_add_interface(struct ieee80211_hw *hw,
 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
 						    GFP_KERNEL);
-			arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
+			arvif->beacon_paddr = DMA_MAPPING_ERROR;
 		} else {
 			arvif->beacon_buf =
 				dma_alloc_coherent(ar->dev,
-- 
2.29.2