git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Liu Shixin <liushixin2@huawei.com>
	Thu, 30 Jun 2022 11:32:25 +0000 (19:32 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 2 Jul 2022 14:18:11 +0000 (16:18 +0200)
commit	87fe5447ea2d3331aeea4f225baa88179e9ab8a2
tree	485d9a5e1563ee8ffd91b62040a54d7f9a6901bd	tree
parent	6af88cc6e46baa277bc66c025442edd7abc51213	commit \| diff

swiotlb: skip swiotlb_bounce when orig_addr is zero

After patch ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE"),
swiotlb_bounce will be called in swiotlb_tbl_map_single unconditionally.
This requires that the physical address must be valid, which is not always
true on stable-4.19 or earlier version.
On stable-4.19, swiotlb_alloc_buffer will call swiotlb_tbl_map_single with
orig_addr equal to zero, which cause such a panic:

Unable to handle kernel paging request at virtual address ffffb77a40000000
...
pc : __memcpy+0x100/0x180
lr : swiotlb_bounce+0x74/0x88
...
Call trace:
__memcpy+0x100/0x180
swiotlb_tbl_map_single+0x2c8/0x338
swiotlb_alloc+0xb4/0x198
__dma_alloc+0x84/0x1d8
...

On stable-4.9 and stable-4.14, swiotlb_alloc_coherent wille call map_single
with orig_addr equal to zero, which can cause same panic.

Fix this by skipping swiotlb_bounce when orig_addr is zero.

Fixes: ddbd89deb7d3 ("swiotlb: fix info leak with DMA_FROM_DEVICE")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>