dma: fix up broken comparison in dma_alloc_from_coherent

Message ID	1232488507.6794.8.camel@localhost.localdomain (mailing list archive)
State	Accepted
Delegated to:	Paul Mundt
Headers	show Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n0KLqElV027121 for <patchwork-sh@patchwork.kernel.org>; Tue, 20 Jan 2009 13:52:15 -0800 Subject: Re: [PATCH] dma: fix up broken comparison in dma_alloc_from_coherent From: Adrian McMenamin <adrian@newgolddream.dyndns.info> To: Adrian McMenamin <lkmladrian@gmail.com> Cc: LKML <linux-kernel@vger.kernel.org>, Paul Mundt <lethal@linux-sh.org>, Andrew Morton <akpm@linux-foundation.org>, linux-sh <linux-sh@vger.kernel.org>, penberg@cs.helsinki.fi, dbaryshkov@gmail.com, penguin-kernel@i-love.sakura.ne.jp In-Reply-To: <8b67d60901201348r6a59928dw3fcf8c9c823d5c68@mail.gmail.com> References: <8b67d60901201348r6a59928dw3fcf8c9c823d5c68@mail.gmail.com> Content-Type: text/plain Date: Tue, 20 Jan 2009 21:55:07 +0000 Message-Id: <1232488507.6794.8.camel@localhost.localdomain> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-sh-owner@vger.kernel.org Precedence: bulk

Message ID

1232488507.6794.8.camel@localhost.localdomain (mailing list archive)

State

Accepted

Delegated to:

Paul Mundt

Headers

Subject: Re: [PATCH] dma: fix up broken comparison in dma_alloc_from_coherent
From: Adrian McMenamin <adrian@newgolddream.dyndns.info>
To: Adrian McMenamin <lkmladrian@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>, Paul Mundt <lethal@linux-sh.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-sh <linux-sh@vger.kernel.org>, penberg@cs.helsinki.fi,
	dbaryshkov@gmail.com, penguin-kernel@i-love.sakura.ne.jp
In-Reply-To: <8b67d60901201348r6a59928dw3fcf8c9c823d5c68@mail.gmail.com>
References: <8b67d60901201348r6a59928dw3fcf8c9c823d5c68@mail.gmail.com>
Content-Type: text/plain
Date: Tue, 20 Jan 2009 21:55:07 +0000
Message-Id: <1232488507.6794.8.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-sh-owner@vger.kernel.org
Precedence: bulk

Commit Message

Adrian McMenamin Jan. 20, 2009, 9:55 p.m. UTC

On Tue, 2009-01-20 at 21:48 +0000, Adrian McMenamin wrote:
> Currently this code compares a size in bytes with a size in pages.
> This patch makes both sides of the comparison bytes.

Apologies, here it is without the line wrap.

Currently this comparison is made between bytes and pages. This patch
ensures it is bytes on both side of the comparison.

Signed-off-by: Adrian McMenamin <adrian@mcmen.demon.co.uk>
---


--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Paul Mundt Jan. 21, 2009, 3:39 a.m. UTC | #1

On Tue, Jan 20, 2009 at 09:55:07PM +0000, Adrian McMenamin wrote:
> On Tue, 2009-01-20 at 21:48 +0000, Adrian McMenamin wrote:
> > Currently this code compares a size in bytes with a size in pages.
> > This patch makes both sides of the comparison bytes.
> 
> Apologies, here it is without the line wrap.
> 
> Currently this comparison is made between bytes and pages. This patch
> ensures it is bytes on both side of the comparison.
> 
> Signed-off-by: Adrian McMenamin <adrian@mcmen.demon.co.uk>
> ---
> 
> --- a/kernel/dma-coherent.c
> +++ b/kernel/dma-coherent.c
> @@ -118,7 +118,7 @@ int dma_alloc_from_coherent(struct device *dev, ssize_t size,
>  	mem = dev->dma_mem;
>  	if (!mem)
>  		return 0;
> -	if (unlikely(size > mem->size))
> +	if (unlikely(size > mem->size << PAGE_SHIFT))
>   		return 0;
>  
>  	pageno = bitmap_find_free_region(mem->bitmap, mem->size, order);
> 
What is more concerning is that the change that introduced this:

commit 58c6d3dfe436eb8cfb451981d8fdc9044eaf42da
Author: Johannes Weiner <hannes@cmpxchg.org>
Date:   Tue Jan 6 14:43:10 2009 -0800

    dma-coherent: catch oversized requests to dma_alloc_from_coherent()

    Prevent passing an order to bitmap_find_free_region() that is larger than
    the actual bitmap can represent.

    These requests can come from device drivers that have no idea how big the
    dma region is and need to rely on dma_alloc_from_coherent() to sort it out
    for them.

    Reported-by: Guennadi Liakhovetski <lg@denx.de>
    Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
...

Claims to fix a problem that doesn't exist anywhere in-tree today, and was
obviously never tested. This looks like a sanity thing for drivers that derive
their coherent pool from passed in platform device resources.

It is equally impressive that the author of this patch modified a code path
that is only hit by platforms that provide dma_declare_coherent_memory() (sh,
arm, mips, and x86_32) and subsequently failed to Cc the primary users of the
interface.

I'll add your patch to my queue and send it off to Linus later today, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- a/kernel/dma-coherent.c
+++ b/kernel/dma-coherent.c
@@ -118,7 +118,7 @@  int dma_alloc_from_coherent(struct device *dev, ssize_t size,
 	mem = dev->dma_mem;
 	if (!mem)
 		return 0;
-	if (unlikely(size > mem->size))
+	if (unlikely(size > mem->size << PAGE_SHIFT))
  		return 0;
 
 	pageno = bitmap_find_free_region(mem->bitmap, mem->size, order);

dma: fix up broken comparison in dma_alloc_from_coherent

Commit Message

Comments

Patch