kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/arch/arm/mm
History
Rabin Vincent b426867612 ARM: 8546/1: dma-mapping: refactor to fix coherent+cma+gfp=0 
Given a device which uses arm_coherent_dma_ops and on which
dev_get_cma_area(dev) returns non-NULL, the following usage of the DMA
API with gfp=0 results in memory corruption and a memory leak.

 p = dma_alloc_coherent(dev, sz, &dma, 0);
 if (p)
 	dma_free_coherent(dev, sz, p, dma);

The memory leak is because the alloc allocates using
__alloc_simple_buffer() but the free attempts
dma_release_from_contiguous() which does not do free anything since the
page is not in the CMA area.

The memory corruption is because the free calls __dma_remap() on a page
which is backed by only first level page tables.  The
apply_to_page_range() + __dma_update_pte() loop ends up interpreting the
section mapping as an addresses to a second level page table and writing
the new PTE to memory which is not used by page tables.

We don't have access to the GFP flags used for allocation in the free
function.  Fix this by adding allocator backends and using this
information in the free function so that we always use the correct
release routine.

Fixes: 21caf3a7 ("ARM: 8398/1: arm DMA: Fix allocation from CMA for coherent DMA")
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-03-04 23:35:17 +00:00
..
abort-ev4.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev4t.S
abort-ev5t.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev5tj.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev6.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev7.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-lv4t.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-macro.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-nommu.S
alignment.c uaccess: reimplement probe_kernel_address() using probe_kernel_read() 2015-11-05 19:34:48 -08:00
cache-aurora-l2.h ARM: 7547/4: cache-l2x0: add support for Aurora L2 cache ctrl 2012-11-06 19:47:35 +00:00
cache-fa.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-feroceon-l2.c ARM: 8416/1: Feroceon: use of_iomap() to map register base 2015-08-18 14:00:30 +01:00
cache-l2x0.c ARM: 8482/1: l2x0: make it possible to disable outer sync from DT 2015-12-22 12:15:53 +00:00
cache-nop.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-tauros2.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
cache-tauros3.h ARM: 7922/1: l2x0: add Marvell Tauros3 support 2013-12-29 12:32:47 +00:00
cache-uniphier.c ARM: 8462/1: cache-uniphier: use common API to find the next level cache 2015-12-03 00:03:09 +00:00
cache-v4.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v4wb.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v4wt.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v6.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v7.S ARM: cache-v7: optimise test for Cortex A9 r0pX devices 2015-04-14 22:26:52 +01:00
cache-xsc3l2.c ARM: move CP15 definitions to separate header file 2012-03-28 18:30:01 +01:00
context.c ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers 2015-12-02 23:57:54 +00:00
copypage-fa.c
copypage-feroceon.c
copypage-v4mc.c Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
copypage-v4wb.c
copypage-v4wt.c
copypage-v6.c ARM: 8236/1: mm: fix discard_old_kernel_data 2014-12-03 16:00:04 +00:00
copypage-xsc3.c
copypage-xscale.c Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
dma-mapping.c ARM: 8546/1: dma-mapping: refactor to fix coherent+cma+gfp=0 2016-03-04 23:35:17 +00:00
dma.h ARM: reduce visibility of dmac_* functions 2015-08-01 22:25:04 +01:00
dump.c ARM: 8249/1: mm: dump: don't skip regions 2015-01-07 20:33:33 +00:00
extable.c ARM: 7876/1: clear Thumb-2 IT state on exception handling 2013-11-07 00:15:49 +00:00
fault-armv.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
fault.c ARM: 8447/1: catch pending imprecise abort on unmask 2015-10-19 17:08:33 +01:00
fault.h ARM: 8447/1: catch pending imprecise abort on unmask 2015-10-19 17:08:33 +01:00
flush.c mm: differentiate page_mapped() from page_mapcount() for compound pages 2016-01-15 17:56:32 -08:00
fsr-2level.c
fsr-3level.c ARM: mm: Transparent huge page support for LPAE systems. 2013-06-04 16:52:38 +01:00
highmem.c kmap_atomic_to_page() has no users, remove it 2015-11-09 15:11:24 -08:00
hugetlbpage.c mm/hugetlb: reduce arch dependent code about huge_pmd_unshare 2015-06-24 17:49:41 -07:00
idmap.c ARM: make virt_to_idmap() return unsigned long 2016-02-08 15:47:28 +00:00
init.c ARM: 8502/1: mm: mark section-aligned portion of rodata NX 2016-02-11 15:44:10 +00:00
iomap.c
ioremap.c ARM: add support for generic early_ioremap/early_memremap 2015-12-13 19:18:28 +01:00
Kconfig ARM: 8535/1: mm: DEBUG_RODATA makes no sense with XIP_KERNEL 2016-02-22 11:39:42 +00:00
l2c-common.c ARM: outer cache: add WARN_ON() to outer_disable() 2014-05-30 00:47:23 +01:00
l2c-l2x0-resume.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
Makefile ARM: uniphier: add outer cache support 2015-10-27 09:20:50 +09:00
mm.h ARM: provide common method to clear bits in CPU control register 2014-06-02 09:20:11 +01:00
mmap.c arm: mm: support ARCH_MMAP_RND_BITS 2016-01-14 16:00:49 -08:00
mmu.c ARM: 8518/1: Use correct symbols for XIP_KERNEL 2016-02-11 15:43:14 +00:00
nommu.c ARM: io: convert ioremap*() to functions 2015-07-03 17:06:56 +01:00
pabort-legacy.S
pabort-v6.S
pabort-v7.S
pageattr.c ARM: 8311/1: Don't use is_module_addr in setting page attributes 2015-03-18 10:13:46 +00:00
pgd.c ARM: domains: keep vectors in separate domain 2015-08-21 13:55:53 +01:00
proc-arm7tdmi.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm9tdmi.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm720.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm740.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm920.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm922.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm925.S ARM: 8349/1: arch/arm/mm/proc-arm925.S: remove dead #ifdef block 2015-05-03 23:22:27 +01:00
proc-arm926.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm940.S Merge branches 'misc', 'vdso' and 'fixes' into for-next 2015-04-14 22:28:25 +01:00
proc-arm946.S Merge branches 'misc', 'vdso' and 'fixes' into for-next 2015-04-14 22:28:25 +01:00
proc-arm1020.S ARM: 8348/1: remove comments on CPU_ARM1020_CPU_IDLE 2015-05-03 23:22:09 +01:00
proc-arm1020e.S ARM: 8348/1: remove comments on CPU_ARM1020_CPU_IDLE 2015-05-03 23:22:09 +01:00
proc-arm1022.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm1026.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-fa526.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-feroceon.S ARM: 8350/1: proc-feroceon: Fix feroceon_proc_info macro 2015-05-03 23:23:09 +01:00
proc-macros.S Merge branches 'misc', 'vdso' and 'fixes' into for-next 2015-04-14 22:28:25 +01:00
proc-mohawk.S ARM: mohawk: allow building with MMU disabled 2015-12-01 21:44:25 +01:00
proc-sa110.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-sa1100.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-syms.c ARM: modules: don't export cpu_set_pte_ext when !MMU 2013-03-26 09:55:34 +00:00
proc-v6.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-v7-2level.S Merge branches 'arnd-fixes', 'clk', 'misc', 'v7' and 'fixes' into for-next 2015-06-12 21:18:08 +01:00
proc-v7-3level.S ARM: redo TTBR setup code for LPAE 2015-06-01 23:48:19 +01:00
proc-v7.S ARM: make the physical-relative calculation more obvious 2016-02-17 00:28:39 +00:00
proc-v7m.S ARM: 8451/1: v7-M: Set an early stack for __v7m_setup 2015-11-16 18:34:38 +00:00
proc-xsc3.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-xscale.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
pv-fixup-asm.S ARM: re-implement physical address space switching 2015-06-01 23:46:33 +01:00
tcm.h ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch() 2013-04-17 16:53:24 +01:00
tlb-fa.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4wb.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4wbi.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v6.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v7.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00