Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 06cb238b authored by Linus Torvalds's avatar Linus Torvalds Committed by Greg Kroah-Hartman
Browse files

Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" 

commit 901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544 upstream.

Halil Pasic points out [1] that the full revert of that commit (revert
in bddac7c1e02b), and that a partial revert that only reverts the
problematic case, but still keeps some of the cleanups is probably
better.  

And that partial revert [2] had already been verified by Oleksandr
Natalenko to also fix the issue, I had just missed that in the long
discussion.

So let's reinstate the cleanups from commit aa6f8dcbab47 ("swiotlb:
rework "fix info leak with DMA_FROM_DEVICE""), and effectively only
revert the part that caused problems.

Link: https://lore.kernel.org/all/20220328013731.017ae3e3.pasic@linux.ibm.com/ [1]
Link: https://lore.kernel.org/all/20220324055732.GB12078@lst.de/ [2]
Link: https://lore.kernel.org/all/4386660.LvFx2qVVIh@natalenko.name/

 [3]
Suggested-by: default avatarHalil Pasic <pasic@linux.ibm.com>
Tested-by: default avatarOleksandr Natalenko <oleksandr@natalenko.name>
Cc: Christoph Hellwig" <hch@lst.de>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
[OP: backport to 4.19: adjusted context]
Signed-off-by: default avatarOvidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 8d9ac1b6

Documentation/DMA-attributes.txt

+0 −10
Original line number Diff line number Diff line
@@ -156,13 +156,3 @@ accesses to DMA buffers in both privileged "supervisor" and unprivileged 
subsystem that the buffer is fully accessible at the elevated privilege

level (and ideally inaccessible or at least read-only at the

lesser-privileged levels).
 


DMA_ATTR_PRIVILEGED

-------------------



Some advanced peripherals such as remote processors and GPUs perform

accesses to DMA buffers in both privileged "supervisor" and unprivileged

"user" modes.  This attribute is used to indicate to the DMA-mapping

subsystem that the buffer is fully accessible at the elevated privilege

level (and ideally inaccessible or at least read-only at the

lesser-privileged levels).

include/linux/dma-mapping.h

+0 −8
Original line number Diff line number Diff line
@@ -70,14 +70,6 @@ 
 */

#define DMA_ATTR_PRIVILEGED		(1UL << 9)



/*

 * This is a hint to the DMA-mapping subsystem that the device is expected

 * to overwrite the entire mapped size, thus the caller does not require any

 * of the previous buffer contents to be preserved. This allows

 * bounce-buffering implementations to optimise DMA_FROM_DEVICE transfers.

 */

#define DMA_ATTR_OVERWRITE		(1UL << 10)



/*

 * A dma_addr_t can hold any valid DMA or bus address for the platform.

 * It can be given to a device to use as a DMA source or target.  A CPU cannot

kernel/dma/swiotlb.c

+8 −5
Original line number Diff line number Diff line
@@ -587,11 +587,14 @@ phys_addr_t swiotlb_tbl_map_single(struct device *hwdev, 
	 */

	for (i = 0; i < nslots; i++)

		io_tlb_orig_addr[index+i] = orig_addr + (i << IO_TLB_SHIFT);

	if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&

	    (!(attrs & DMA_ATTR_OVERWRITE) || dir == DMA_TO_DEVICE ||

	    dir == DMA_BIDIRECTIONAL))

	/*

	 * When dir == DMA_FROM_DEVICE we could omit the copy from the orig

	 * to the tlb buffer, if we knew for sure the device will

	 * overwirte the entire current content. But we don't. Thus

	 * unconditional bounce may prevent leaking swiotlb content (i.e.

	 * kernel memory) to user-space.

	 */

	swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);



	return tlb_addr;

}