lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251208032545.GB1356249@ax162>
Date: Sun, 7 Dec 2025 19:25:45 -0800
From: Nathan Chancellor <nathan@...nel.org>
To: Hans de Goede <johannes.goede@....qualcomm.com>
Cc: Marek Szyprowski <m.szyprowski@...sung.com>,
	Robin Murphy <robin.murphy@....com>, iommu@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	Sakari Ailus <sakari.ailus@...ux.intel.com>,
	James Clark <james.clark@...aro.org>, stable@...r.kernel.org
Subject: Re: [PATCH 6.18 regression fix] dma-mapping: Fix DMA_BIT_MASK()
 macro being broken

On Sun, Dec 07, 2025 at 07:47:56PM +0100, Hans de Goede wrote:
> After commit a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in
> global scope"), the DMA_BIT_MASK() macro is broken when passed non trivial
> statements for the value of 'n'. This is caused by the new version missing
> parenthesis around 'n' when evaluating 'n'.
> 
> One example of this breakage is the IPU6 driver now crashing due to
> it getting DMA-addresses with address bit 32 set even though it has
> tried to set a 32 bit DMA mask.
> 
> The IPU6 CSI2 engine has a DMA mask of either 31 or 32 bits depending
> on if it is in secure mode or not and it sets this masks like this:
> 
>         mmu_info->aperture_end =
>                 (dma_addr_t)DMA_BIT_MASK(isp->secure_mode ?
>                                          IPU6_MMU_ADDR_BITS :
>                                          IPU6_MMU_ADDR_BITS_NON_SECURE);
> 
> So the 'n' argument here is "isp->secure_mode ? IPU6_MMU_ADDR_BITS :
> IPU6_MMU_ADDR_BITS_NON_SECURE" which gets expanded into:
> 
> isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE - 1
> 
> With the -1 only being applied in the non secure case, causing
> the secure mode mask to be one 1 bit too large.
> 
> Fixes: a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope")
> Cc: Sakari Ailus <sakari.ailus@...ux.intel.com>
> Cc: James Clark <james.clark@...aro.org>
> Cc: Nathan Chancellor <nathan@...nel.org>
> Cc: stable@...r.kernel.org
> Signed-off-by: Hans de Goede <johannes.goede@....qualcomm.com>

Yeah, the parentheses definitely should have been kept.

Reviewed-by: Nathan Chancellor <nathan@...nel.org>

> ---
>  include/linux/dma-mapping.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
> index 2ceda49c609f..aa36a0d1d9df 100644
> --- a/include/linux/dma-mapping.h
> +++ b/include/linux/dma-mapping.h
> @@ -90,7 +90,7 @@
>   */
>  #define DMA_MAPPING_ERROR		(~(dma_addr_t)0)
>  
> -#define DMA_BIT_MASK(n)	GENMASK_ULL(n - 1, 0)
> +#define DMA_BIT_MASK(n)	GENMASK_ULL((n) - 1, 0)
>  
>  struct dma_iova_state {
>  	dma_addr_t addr;
> -- 
> 2.52.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ