From: Will Deacon <will@xxxxxxxxxx>

commit 823353b7cf0ea9dfb09f5181d5fb2825d727200b upstream.

When allocating pages from a restricted DMA pool in swiotlb_alloc(), the buffer address is blindly converted to a 'struct page *' that is returned to the caller. In the unlikely event of an allocation bug, page-unaligned addresses are not detected and slots can silently be double-allocated.

Add a simple check of the buffer alignment in swiotlb_alloc() to make debugging a little easier if something has gone wonky.

Cc: stable@xxxxxxxxxxxxxxx # v6.6+
Signed-off-by: Will Deacon <will@xxxxxxxxxx>
Reviewed-by: Michael Kelley <mhklinux@xxxxxxxxxxx>
Reviewed-by: Petr Tesarik <petr.tesarik1@xxxxxxxxxxxxxxxxxxx>
Tested-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
Tested-by: Michael Kelley <mhklinux@xxxxxxxxxxx>
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Fabio Estevam <festevam@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
--- kernel/dma/swiotlb.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/kernel/dma/swiotlb.c +++ b/kernel/dma/swiotlb.c 
@@ -1627,6 +1627,12 @@ struct page *swiotlb_alloc(struct device return NULL; tlb_addr = slot_addr(pool->start, index); + if (unlikely(!PAGE_ALIGNED(tlb_addr))) { + dev_WARN_ONCE(dev, 1, "Cannot allocate pages from non page-aligned swiotlb addr 0x%pa.\n", + &tlb_addr); + swiotlb_release_slots(dev, tlb_addr); + return NULL; + } return pfn_to_page(PFN_DOWN(tlb_addr)); } Patches currently in stable-queue which might be from kroah.com@xxxxxxxxxxxxxxx are queue-6.6/swiotlb-enforce-page-alignment-in-swiotlb_alloc.patch queue-6.6/xfs-shrink-failure-needs-to-hold-agi-buffer.patch queue-6.6/xfs-fix-scrub-stats-file-permissions.patch queue-6.6/swiotlb-extend-buffer-pre-padding-to-alloc_align_mask-if-necessary.patch queue-6.6/xfs-fix-imprecise-logic-in-xchk_btree_check_block_owner.patch queue-6.6/xfs-ensure-submit-buffers-on-lsn-boundaries-in-error-handlers.patch queue-6.6/xfs-fix-seek_hole-data-for-regions-with-active-cow-extents.patch queue-6.6/xfs-don-t-use-current-journal_info.patch queue-6.6/xfs-allow-cross-linking-special-files-without-project-quota.patch queue-6.6/xfs-allow-sunit-mount-option-to-repair-bad-primary-sb-stripe-values.patch queue-6.6/swiotlb-reinstate-page-alignment-for-mappings-page_size.patch
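
Review bot: the format string in the added dev_WARN_ONCE() call uses "0x%pa", but the kernel's %pa specifier already prints a 0x prefix, so the warning will show the address as 0x0x...; drop the literal "0x" and write "... non page-aligned swiotlb addr %pa.\n". A one-line comment above the new check would also help, stating that a non page-aligned tlb_addr at this point means an allocator bug rather than a caller error, because dev_WARN_ONCE() logs only the first occurrence and every later failure on this path returns NULL with nothing in the log.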