Search Linux Wireless

Re: [RFC PATCH] cw1200: use kmalloc() allocation instead of stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 22, 2021 at 10:24 PM Jernej Skrabec
<jernej.skrabec@xxxxxxxxx> wrote:
>
> It turns out that if CONFIG_VMAP_STACK is enabled and src or dst is
> memory allocated on stack, SDIO operations fail due to invalid memory
> address conversion:

Thank you for sending this!

It's worth pointing out that even without CONFIG_VMAP_STACK, using
dma_map_sg() on a stack variable is broken, though it will appear to
work most of the time but rarely cause a stack data corruption when
the cache management goes wrong.

This clearly needs to be fixed somewhere, if not with your patch, then
a similar one.

> diff --git a/drivers/net/wireless/st/cw1200/hwio.c b/drivers/net/wireless/st/cw1200/hwio.c
> index 3ba462de8e91..5521cb7f2233 100644
> --- a/drivers/net/wireless/st/cw1200/hwio.c
> +++ b/drivers/net/wireless/st/cw1200/hwio.c
> @@ -66,33 +66,65 @@ static int __cw1200_reg_write(struct cw1200_common *priv, u16 addr,
>  static inline int __cw1200_reg_read_32(struct cw1200_common *priv,
>                                         u16 addr, u32 *val)
>  {
> -       __le32 tmp;
> -       int i = __cw1200_reg_read(priv, addr, &tmp, sizeof(tmp), 0);
> -       *val = le32_to_cpu(tmp);
> +       __le32 *tmp;
> +       int i;
> +
> +       tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
> +       if (!tmp)
> +               return -ENOMEM;
> +
> +       i = __cw1200_reg_read(priv, addr, tmp, sizeof(*tmp), 0);
> +       *val = le32_to_cpu(*tmp);
> +       kfree(tmp);
>         return i;
>  }

There is a possible problem here when the function gets called from
atomic context, so it might need to use GFP_ATOMIC instead of
GFP_KERNEL. If it's never called from atomic context, then this patch
looks correct to me.

The alternative would be to add a bounce buffer check based on
is_vmalloc_or_module_addr() in sdio_io_rw_ext_helper(), which would
add a small bit of complexity there but solve the problem for
all drivers at once. In this case, it would probably have to use
GFP_ATOMIC regardless of whether __cw1200_reg_read_32()
is allowed to sleep, since other callers might not.

      Arnd



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux