From 1f4b405621fe2a0a18ea98417f87717c6000ef4a Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Thu, 7 Nov 2019 16:06:44 +0100 Subject: [PATCH] dma-direct: check for overflows on 32 bit DMA addresses commit b12d66278dd627cbe1ea7c000aa4715aaf8830c8 upstream. As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc0000000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne Signed-off-by: Christoph Hellwig --- include/linux/dma-direct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index ba6e74f4b9aff..6a18a97b76a87 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -6,7 +6,7 @@ #include /* for min_low_pfn */ #include -extern unsigned int zone_dma_bits; +static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr); #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA #include