| From a0e710a7def471b8eb779ff551fc27701da49599 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Date: Thu, 14 May 2020 13:27:11 +0200 |
| Subject: USB: usbfs: fix mmap dma mismatch |
| |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| commit a0e710a7def471b8eb779ff551fc27701da49599 upstream. |
| |
| In commit 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute |
| mismatch") we switched from always calling remap_pfn_range() to call |
| dma_mmap_coherent() to handle issues with systems with non-coherent USB host |
| controller drivers. Unfortunatly, as syzbot quickly told us, not all the world |
| is host controllers with DMA support, so we need to check what host controller |
| we are attempting to talk to before doing this type of allocation. |
| |
| Thanks to Christoph for the quick idea of how to fix this. |
| |
| Fixes: 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute mismatch") |
| Cc: Christoph Hellwig <hch@lst.de> |
| Cc: Hillf Danton <hdanton@sina.com> |
| Cc: Thomas Gleixner <tglx@linutronix.de> |
| Cc: Jeremy Linton <jeremy.linton@arm.com> |
| Cc: stable <stable@vger.kernel.org> |
| Reported-by: syzbot+353be47c9ce21b68b7ed@syzkaller.appspotmail.com |
| Reviewed-by: Jeremy Linton <jeremy.linton@arm.com> |
| Reviewed-by: Christoph Hellwig <hch@lst.de> |
| Link: https://lore.kernel.org/r/20200514112711.1858252-1-gregkh@linuxfoundation.org |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/usb/core/devio.c | 16 +++++++++++++--- |
| 1 file changed, 13 insertions(+), 3 deletions(-) |
| |
| --- a/drivers/usb/core/devio.c |
| +++ b/drivers/usb/core/devio.c |
| @@ -251,9 +251,19 @@ static int usbdev_mmap(struct file *file |
| usbm->vma_use_count = 1; |
| INIT_LIST_HEAD(&usbm->memlist); |
| |
| - if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle, size)) { |
| - dec_usb_memory_use_count(usbm, &usbm->vma_use_count); |
| - return -EAGAIN; |
| + if (hcd->localmem_pool || !hcd_uses_dma(hcd)) { |
| + if (remap_pfn_range(vma, vma->vm_start, |
| + virt_to_phys(usbm->mem) >> PAGE_SHIFT, |
| + size, vma->vm_page_prot) < 0) { |
| + dec_usb_memory_use_count(usbm, &usbm->vma_use_count); |
| + return -EAGAIN; |
| + } |
| + } else { |
| + if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle, |
| + size)) { |
| + dec_usb_memory_use_count(usbm, &usbm->vma_use_count); |
| + return -EAGAIN; |
| + } |
| } |
| |
| vma->vm_flags |= VM_IO; |