arm64: add missing PAGE_ALIGN() to __dma_free()

Message ID	20150429150917.14395.31269.email-sent-by-dnelson@teal (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> Date: Wed, 29 Apr 2015 11:09:18 -0400 From: Dean Nelson <dnelson@redhat.com> To: linux-arm-kernel@lists.infradead.org Message-Id: <20150429150917.14395.31269.email-sent-by-dnelson@teal> Subject: [PATCH] arm64: add missing PAGE_ALIGN() to __dma_free() Cc: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Message ID

20150429150917.14395.31269.email-sent-by-dnelson@teal (mailing list archive)

State

New, archived

Headers

Date: Wed, 29 Apr 2015 11:09:18 -0400
From: Dean Nelson <dnelson@redhat.com>
To: linux-arm-kernel@lists.infradead.org
Message-Id: <20150429150917.14395.31269.email-sent-by-dnelson@teal>
Subject: [PATCH] arm64: add missing PAGE_ALIGN() to __dma_free()
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will.deacon@arm.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Commit Message

Dean Nelson April 29, 2015, 3:09 p.m. UTC

__dma_alloc() does a PAGE_ALIGN() on the passed in size argument before
doing anything else. __dma_free() does not. And because it doesn't, it is
possible to leak memory should size not be an integer multiple of PAGE_SIZE.

The solution is to add a PAGE_ALIGN() to __dma_free() like is done in
__dma_alloc().

Additionally, this patch removes a redundant PAGE_ALIGN() from
__dma_alloc_coherent(), since __dma_alloc_coherent() can only be called
from __dma_alloc(), which already does a PAGE_ALIGN() before the call.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Cc: stable@vger.kernel.org
---
 arch/arm64/mm/dma-mapping.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Catalin Marinas April 29, 2015, 3:23 p.m. UTC | #1

On Wed, Apr 29, 2015 at 11:09:18AM -0400, Dean Nelson wrote:
> __dma_alloc() does a PAGE_ALIGN() on the passed in size argument before
> doing anything else. __dma_free() does not. And because it doesn't, it is
> possible to leak memory should size not be an integer multiple of PAGE_SIZE.
> 
> The solution is to add a PAGE_ALIGN() to __dma_free() like is done in
> __dma_alloc().
> 
> Additionally, this patch removes a redundant PAGE_ALIGN() from
> __dma_alloc_coherent(), since __dma_alloc_coherent() can only be called
> from __dma_alloc(), which already does a PAGE_ALIGN() before the call.
> 
> Signed-off-by: Dean Nelson <dnelson@redhat.com>
> Cc: stable@vger.kernel.org

Thanks for posting this:

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

I guess Will is picking it up for 4.1

diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
index ef7d112..6e5e687 100644
--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -105,7 +105,6 @@  static void *__dma_alloc_coherent(struct device *dev, size_t size,
 		struct page *page;
 		void *addr;
 
-		size = PAGE_ALIGN(size);
 		page = dma_alloc_from_contiguous(dev, size >> PAGE_SHIFT,
 							get_order(size));
 		if (!page)
@@ -195,6 +194,8 @@  static void __dma_free(struct device *dev, size_t size,
 {
 	void *swiotlb_addr = phys_to_virt(dma_to_phys(dev, dma_handle));
 
+	size = PAGE_ALIGN(size);
+
 	if (!is_device_dma_coherent(dev)) {
 		if (__free_from_pool(vaddr, size))
 			return;

arm64: add missing PAGE_ALIGN() to __dma_free()

Commit Message

Comments

Patch