releases/5.4.160/ath10k-fix-invalid-dma_addr_t-token-assignment.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 937e79c67740d1d84736730d679f3cb2552f990e Mon Sep 17 00:00:00 2001
 From: Arnd Bergmann <arnd@arndb.de>
 Date: Wed, 20 Oct 2021 11:59:07 +0300
 Subject: ath10k: fix invalid dma_addr_t token assignment

 From: Arnd Bergmann <arnd@arndb.de>

 commit 937e79c67740d1d84736730d679f3cb2552f990e upstream.

 Using a kernel pointer in place of a dma_addr_t token can
 lead to undefined behavior if that makes it into cache
 management functions. The compiler caught one such attempt
 in a cast:

 drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_add_interface':
 drivers/net/wireless/ath/ath10k/mac.c:5586:47: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
  5586 |                         arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
       |                                               ^

 Looking through how this gets used down the way, I'm fairly
 sure that beacon_paddr is never accessed again for ATH10K_DEV_TYPE_HL
 devices, and if it was accessed, that would be a bug.

 Change the assignment to use a known-invalid address token
 instead, which avoids the warning and makes it easier to catch
 bugs if it does end up getting used.

 Fixes: e263bdab9c0e ("ath10k: high latency fixes for beacon buffer")
 Signed-off-by: Arnd Bergmann <arnd@arndb.de>
 Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 Link: https://lore.kernel.org/r/20211014075153.3655910-1-arnd@kernel.org
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/net/wireless/ath/ath10k/mac.c |   10 +++++++++-
  1 file changed, 9 insertions(+), 1 deletion(-)

 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
 @@ -5258,7 +5258,15 @@ static int ath10k_add_interface(struct i
  		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
  			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
  						    GFP_KERNEL);
 -			arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
 +
 +			/* Using a kernel pointer in place of a dma_addr_t
 +			 * token can lead to undefined behavior if that
 +			 * makes it into cache management functions. Use a
 +			 * known-invalid address token instead, which
 +			 * avoids the warning and makes it easier to catch
 +			 * bugs if it does end up getting used.
 +			 */
 +			arvif->beacon_paddr = DMA_MAPPING_ERROR;
  		} else {
  			arvif->beacon_buf =
  				dma_alloc_coherent(ar->dev,
	From 937e79c67740d1d84736730d679f3cb2552f990e Mon Sep 17 00:00:00 2001
	From: Arnd Bergmann <arnd@arndb.de>
	Date: Wed, 20 Oct 2021 11:59:07 +0300
	Subject: ath10k: fix invalid dma_addr_t token assignment

	From: Arnd Bergmann <arnd@arndb.de>

	commit 937e79c67740d1d84736730d679f3cb2552f990e upstream.

	Using a kernel pointer in place of a dma_addr_t token can
	lead to undefined behavior if that makes it into cache
	management functions. The compiler caught one such attempt
	in a cast:

	drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_add_interface':
	drivers/net/wireless/ath/ath10k/mac.c:5586:47: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
	5586 \| arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
	\| ^

	Looking through how this gets used down the way, I'm fairly
	sure that beacon_paddr is never accessed again for ATH10K_DEV_TYPE_HL
	devices, and if it was accessed, that would be a bug.

	Change the assignment to use a known-invalid address token
	instead, which avoids the warning and makes it easier to catch
	bugs if it does end up getting used.

	Fixes: e263bdab9c0e ("ath10k: high latency fixes for beacon buffer")
	Signed-off-by: Arnd Bergmann <arnd@arndb.de>
	Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
	Link: https://lore.kernel.org/r/20211014075153.3655910-1-arnd@kernel.org
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/net/wireless/ath/ath10k/mac.c \| 10 +++++++++-
	1 file changed, 9 insertions(+), 1 deletion(-)

	--- a/drivers/net/wireless/ath/ath10k/mac.c
	+++ b/drivers/net/wireless/ath/ath10k/mac.c
	@@ -5258,7 +5258,15 @@ static int ath10k_add_interface(struct i
	if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
	arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
	GFP_KERNEL);
	- arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf;
	+
	+ /* Using a kernel pointer in place of a dma_addr_t
	+ * token can lead to undefined behavior if that
	+ * makes it into cache management functions. Use a
	+ * known-invalid address token instead, which
	+ * avoids the warning and makes it easier to catch
	+ * bugs if it does end up getting used.
	+ */
	+ arvif->beacon_paddr = DMA_MAPPING_ERROR;
	} else {
	arvif->beacon_buf =
	dma_alloc_coherent(ar->dev,