On Tue, Jun 22, 2021 at 10:24 PM Jernej Skrabec
<jernej.skrabec@xxxxxxxxx> wrote:
>
> It turns out that if CONFIG_VMAP_STACK is enabled and src or dst is
> memory allocated on stack, SDIO operations fail due to invalid memory
> address conversion:
Thank you for sending this!
It's worth pointing out that even without CONFIG_VMAP_STACK, using
dma_map_sg() on a stack variable is broken, though it will appear to
work most of the time but rarely cause a stack data corruption when
the cache management goes wrong.
This clearly needs to be fixed somewhere, if not with your patch, then
a similar one.
> diff --git a/drivers/net/wireless/st/cw1200/hwio.c b/drivers/net/wireless/st/cw1200/hwio.c
> index 3ba462de8e91..5521cb7f2233 100644
> --- a/drivers/net/wireless/st/cw1200/hwio.c
> +++ b/drivers/net/wireless/st/cw1200/hwio.c
> @@ -66,33 +66,65 @@ static int __cw1200_reg_write(struct cw1200_common *priv, u16 addr,
> static inline int __cw1200_reg_read_32(struct cw1200_common *priv,
> u16 addr, u32 *val)
> {
> - __le32 tmp;
> - int i = __cw1200_reg_read(priv, addr, &tmp, sizeof(tmp), 0);
> - *val = le32_to_cpu(tmp);
> + __le32 *tmp;
> + int i;
> +
> + tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
> + if (!tmp)
> + return -ENOMEM;
> +
> + i = __cw1200_reg_read(priv, addr, tmp, sizeof(*tmp), 0);
> + *val = le32_to_cpu(*tmp);
> + kfree(tmp);
> return i;
> }
There is a possible problem here when the function gets called from
atomic context, so it might need to use GFP_ATOMIC instead of
GFP_KERNEL. If it's never called from atomic context, then this patch
looks correct to me.
The alternative would be to add a bounce buffer check based on
is_vmalloc_or_module_addr() in sdio_io_rw_ext_helper(), which would
add a small bit of complexity there but solve the problem for
all drivers at once. In this case, it would probably have to use
GFP_ATOMIC regardless of whether __cw1200_reg_read_32()
is allowed to sleep, since other callers might not.
Arnd
