linux/drivers/dma-buf
Vivek Kasireddy e658538c61 udmabuf: Set the DMA mask for the udmabuf device (v2)
commit 9e9fa6a919 upstream.

If the DMA mask is not set explicitly, the following warning occurs
when the userspace tries to access the dma-buf via the CPU as
reported by syzbot here:

WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188
__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188
Modules linked in:
CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted
5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188
Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0
83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45
   31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00
RSP: 0018:ffffc90002a07d68 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408
RBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f
R10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002
R13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000
FS:  0000555556e30300(0000) GS:ffff8880b9d00000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264
 get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72
 begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126
 dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164
 dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f62fcf530f9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89
f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9
RDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006
RBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

v2: Dont't forget to deregister if DMA mask setup fails.

Reported-by: syzbot+10e27961f4da37c443b2@syzkaller.appspotmail.com
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220520205235.3687336-1-vivek.kasireddy@intel.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-05 10:30:06 +02:00
..
heaps dma-buf: cma_heap: Fix mutex locking section 2022-03-08 19:12:37 +01:00
dma-buf-sysfs-stats.c dma-buf: Delete the DMA-BUF attachment sysfs statistics 2021-07-20 11:06:59 +02:00
dma-buf-sysfs-stats.h dma-buf: Delete the DMA-BUF attachment sysfs statistics 2021-07-20 11:06:59 +02:00
dma-buf.c dma-buf/poll: Get a file reference for outstanding fence callbacks 2022-07-12 16:34:51 +02:00
dma-fence-array.c dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() 2022-01-27 11:02:59 +01:00
dma-fence-chain.c dma-buf: some dma_fence_chain improvements 2021-06-14 19:33:16 +02:00
dma-fence.c drm/syncobj: use newly allocated stub fences 2021-04-08 12:21:13 +02:00
dma-heap.c dma-buf: heaps: Fix potential spectre v1 gadget 2022-02-08 18:34:06 +01:00
dma-resv.c dma-buf: fix dma_resv_test_signaled test_all handling v2 2021-07-08 14:59:08 +02:00
Kconfig dma-buf: DMABUF_SYSFS_STATS should depend on DMA_SHARED_BUFFER 2021-09-07 12:42:21 +05:30
Makefile dmabuf: Add the capability to expose DMA-BUF stats in sysfs 2021-06-15 11:50:24 +02:00
selftest.c dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftest.h dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftests.h Merge drm/drm-next into drm-intel-next-queued 2020-06-25 18:05:03 +03:00
seqno-fence.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
st-dma-fence-chain.c dma-buf: add dma_fence_chain_alloc/free v3 2021-06-14 19:38:34 +02:00
st-dma-fence.c dma-buf: Avoid comma separated statements 2021-02-09 17:14:11 +01:00
sw_sync.c compat_ioctl: move more drivers to compat_ptr_ioctl 2019-10-23 17:23:44 +02:00
sync_debug.c Linux 5.2-rc5 2019-06-19 12:07:29 +02:00
sync_debug.h
sync_file.c dma-buf/sync_file: Don't leak fences on merge failure 2021-07-12 13:34:49 +02:00
sync_trace.h
udmabuf.c udmabuf: Set the DMA mask for the udmabuf device (v2) 2022-09-05 10:30:06 +02:00