Re: [PATCH v2] ARM: dma-mapping: always clear allocated buffers
Ping.
On 2018/7/25 15:07, YueHaibing wrote:
> Sean Wang reported dma_zalloc_coherent doesn't work as expect on his
> armv7,the allocated mem is not zeroed.The reason is __alloc_from_pool
> doesn't honor __GFP_ZERO.
>
> As commit 6829e274a623 ("arm64: dma-mapping: always clear allocated buffers")
> has pointed out,buffers allocated by dma_alloc_coherent() are always zeroed
> on most architectures. some drivers rely on this 'feature'. Allocated buffer
> might be also exposed to userspace with dma_mmap() call,so clearing it is
> desired from security point of view to avoid exposing random memory to
> userspace.
>
> This patch unifies dma_alloc_coherent() behavior on ARM architecture with
> other
> implementations by unconditionally zeroing allocated buffer.Also to fix
> dma_zalloc_coherent behavior.
>
> Reported-by: Sean Wang
> Signed-off-by: YueHaibing
> Reviewed-by: zhong jiang
> ---
> v2: reference more argument from arm64 commit as Christoph suggested
> ---
> arch/arm/mm/dma-mapping.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
> index 6656647..cf5882f 100644
> --- a/arch/arm/mm/dma-mapping.c
> +++ b/arch/arm/mm/dma-mapping.c
> @@ -564,6 +564,7 @@ static void *__alloc_from_pool(size_t size, struct page
> **ret_page)
>
> *ret_page = phys_to_page(phys);
> ptr = (void *)val;
> + memset(ptr, 0, size);
> }
>
> return ptr;
>
Re: [PATCH v2] ARM: dma-mapping: always clear allocated buffers
Russell, will you pick this patch?
On 2018/7/25 15:13, YueHaibing wrote:
> +CC Christoph Hellwig
>
> On 2018/7/25 15:07, YueHaibing wrote:
>> Sean Wang reported dma_zalloc_coherent doesn't work as expect on his
>> armv7,the allocated mem is not zeroed.The reason is __alloc_from_pool
>> doesn't honor __GFP_ZERO.
>>
>> As commit 6829e274a623 ("arm64: dma-mapping: always clear allocated buffers")
>> has pointed out,buffers allocated by dma_alloc_coherent() are always zeroed
>> on most architectures. some drivers rely on this 'feature'. Allocated buffer
>> might be also exposed to userspace with dma_mmap() call,so clearing it is
>> desired from security point of view to avoid exposing random memory to
>> userspace.
>>
>> This patch unifies dma_alloc_coherent() behavior on ARM architecture with
>> other
>> implementations by unconditionally zeroing allocated buffer.Also to fix
>> dma_zalloc_coherent behavior.
>>
>> Reported-by: Sean Wang
>> Signed-off-by: YueHaibing
>> Reviewed-by: zhong jiang
>> ---
>> v2: reference more argument from arm64 commit as Christoph suggested
>> ---
>> arch/arm/mm/dma-mapping.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
>> index 6656647..cf5882f 100644
>> --- a/arch/arm/mm/dma-mapping.c
>> +++ b/arch/arm/mm/dma-mapping.c
>> @@ -564,6 +564,7 @@ static void *__alloc_from_pool(size_t size, struct page
>> **ret_page)
>>
>> *ret_page = phys_to_page(phys);
>> ptr = (void *)val;
>> +memset(ptr, 0, size);
>> }
>>
>> return ptr;
>>
Re: [PATCH v2] ARM: dma-mapping: always clear allocated buffers
+CC Christoph Hellwig
On 2018/7/25 15:07, YueHaibing wrote:
> Sean Wang reported dma_zalloc_coherent doesn't work as expect on his
> armv7,the allocated mem is not zeroed.The reason is __alloc_from_pool
> doesn't honor __GFP_ZERO.
>
> As commit 6829e274a623 ("arm64: dma-mapping: always clear allocated buffers")
> has pointed out,buffers allocated by dma_alloc_coherent() are always zeroed
> on most architectures. some drivers rely on this 'feature'. Allocated buffer
> might be also exposed to userspace with dma_mmap() call,so clearing it is
> desired from security point of view to avoid exposing random memory to
> userspace.
>
> This patch unifies dma_alloc_coherent() behavior on ARM architecture with
> other
> implementations by unconditionally zeroing allocated buffer.Also to fix
> dma_zalloc_coherent behavior.
>
> Reported-by: Sean Wang
> Signed-off-by: YueHaibing
> Reviewed-by: zhong jiang
> ---
> v2: reference more argument from arm64 commit as Christoph suggested
> ---
> arch/arm/mm/dma-mapping.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
> index 6656647..cf5882f 100644
> --- a/arch/arm/mm/dma-mapping.c
> +++ b/arch/arm/mm/dma-mapping.c
> @@ -564,6 +564,7 @@ static void *__alloc_from_pool(size_t size, struct page
> **ret_page)
>
> *ret_page = phys_to_page(phys);
> ptr = (void *)val;
> + memset(ptr, 0, size);
> }
>
> return ptr;
>
[PATCH v2] ARM: dma-mapping: always clear allocated buffers
Sean Wang reported dma_zalloc_coherent doesn't work as expect on his
armv7,the allocated mem is not zeroed.The reason is __alloc_from_pool
doesn't honor __GFP_ZERO.
As commit 6829e274a623 ("arm64: dma-mapping: always clear allocated buffers")
has pointed out,buffers allocated by dma_alloc_coherent() are always zeroed
on most architectures. some drivers rely on this 'feature'. Allocated buffer
might be also exposed to userspace with dma_mmap() call,so clearing it is
desired from security point of view to avoid exposing random memory to
userspace.
This patch unifies dma_alloc_coherent() behavior on ARM architecture with other
implementations by unconditionally zeroing allocated buffer.Also to fix
dma_zalloc_coherent behavior.
Reported-by: Sean Wang
Signed-off-by: YueHaibing
Reviewed-by: zhong jiang
---
v2: reference more argument from arm64 commit as Christoph suggested
---
arch/arm/mm/dma-mapping.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
index 6656647..cf5882f 100644
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -564,6 +564,7 @@ static void *__alloc_from_pool(size_t size, struct page
**ret_page)
*ret_page = phys_to_page(phys);
ptr = (void *)val;
+ memset(ptr, 0, size);
}
return ptr;
--
2.7.0
