From 97129986e39158e0c9fdb7f68361280dca8b7ab8 Mon Sep 17 00:00:00 2001 From: Guan Jing Date: Thu, 7 Mar 2024 08:27:55 +0000 Subject: [PATCH 1/2] spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails stable inclusion from stable-5.10.37 commit 5980a3b9c933408bc22b0e349b78c3ebd7cbf880 category: bugfix bugzilla: 189606 CVE: CVE-2021-47047 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5980a3b9c933408bc22b0e349b78c3ebd7cbf880 -------------------------------- [ Upstream commit 126bdb606fd2802454e6048caef1be3e25dd121e ] The spi controller supports 44-bit address space on AXI in DMA mode, so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping. In addition, if dma_map_single fails, it should return immediately instead of continuing doing the DMA operation which bases on invalid address. This fixes the following crash which occurs in reading a big block from flash: [ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots) [ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped [ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0 [ 123.792536] Mem abort info: [ 123.795313] ESR = 0x96000145 [ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits [ 123.803655] SET = 0, FnV = 0 [ 123.806693] EA = 0, S1PTW = 0 [ 123.809818] Data abort info: [ 123.812683] ISV = 0, ISS = 0x00000145 [ 123.816503] CM = 1, WnR = 1 [ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000 [ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000 [ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP Fixes: 1c26372e5aa9 ("spi: spi-zynqmp-gqspi: Update driver to use spi-mem framework") Signed-off-by: Quanyang Wang Link: https://lore.kernel.org/r/20210416004652.2975446-6-quanyang.wang@windriver.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin Signed-off-by: Chen Jun Acked-by: Weilong Chen Signed-off-by: Zheng Zengkai Signed-off-by: Guan Jing --- drivers/spi/spi-zynqmp-gqspi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/spi/spi-zynqmp-gqspi.c b/drivers/spi/spi-zynqmp-gqspi.c index cc4d31033494..6d072471c4f8 100644 --- a/drivers/spi/spi-zynqmp-gqspi.c +++ b/drivers/spi/spi-zynqmp-gqspi.c @@ -1088,6 +1088,8 @@ static int zynqmp_qspi_probe(struct platform_device *pdev) goto clk_dis_all; } + dma_set_mask(&pdev->dev, DMA_BIT_MASK(44)); + master->num_chipselect = GQSPI_DEFAULT_NUM_CS; master->setup = zynqmp_qspi_setup; -- Gitee From 3954268f759aca196141b48c601ec33d6384659a Mon Sep 17 00:00:00 2001 From: Guan Jing Date: Thu, 7 Mar 2024 08:27:56 +0000 Subject: [PATCH 2/2] spi: spi-zynqmp-gqspi: Handle error for dma_set_mask stable inclusion from stable-v5.10.110 commit b7940bef6f21f23955661d476c9760e6b046d21b category: bugfix bugzilla: 189606 CVE: CVE-2021-47047 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b7940bef6f21f23955661d476c9760e6b046d21b -------------------------------- [ Upstream commit 13262fc26c1837c51a5131dbbdd67a2387f8bfc7 ] As the potential failure of the dma_set_mask(), it should be better to check it and return error if fails. Fixes: 126bdb606fd2 ("spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails") Signed-off-by: Jiasheng Jiang Link: https://lore.kernel.org/r/20220302092051.121343-1-jiasheng@iscas.ac.cn Signed-off-by: Mark Brown Signed-off-by: Sasha Levin Signed-off-by: Yu Liao Signed-off-by: Guan Jing --- drivers/spi/spi-zynqmp-gqspi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/spi/spi-zynqmp-gqspi.c b/drivers/spi/spi-zynqmp-gqspi.c index 6d072471c4f8..1ce53b92e681 100644 --- a/drivers/spi/spi-zynqmp-gqspi.c +++ b/drivers/spi/spi-zynqmp-gqspi.c @@ -1088,7 +1088,9 @@ static int zynqmp_qspi_probe(struct platform_device *pdev) goto clk_dis_all; } - dma_set_mask(&pdev->dev, DMA_BIT_MASK(44)); + ret = dma_set_mask(&pdev->dev, DMA_BIT_MASK(44)); + if (ret) + goto clk_dis_all; master->num_chipselect = GQSPI_DEFAULT_NUM_CS; -- Gitee