review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	Sherry Sun <sherry.sun@nxp.com>
	Tue, 29 Sep 2020 09:11:05 +0000 (17:11 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 29 Oct 2020 08:05:43 +0000 (09:05 +0100)
commit	cc7a10623ac2cc48132db2911a4e1267ee398c62
tree	b4a76080e89d27b0f2335003c21c769c5719374f	tree \| snapshot
parent	b0b36f6ecc129a35c3f2cdec8c68afd64a999b26	commit \| diff

misc: vop: add round_up(x,4) for vring_size to avoid kernel panic

[ Upstream commit cc1a2679865a94b83804822996eed010a50a7c1d ]

Since struct _mic_vring_info and vring are allocated together and follow
vring, if the vring_size() is not four bytes aligned, which will cause
the start address of struct _mic_vring_info is not four byte aligned.
For example, when vring entries is 128, the vring_size() will be 5126
bytes. The _mic_vring_info struct layout in ddr looks like:
0x90002400: 00000000 00390000 EE010000 0000C0FF
Here 0x39 is the avail_idx member, and 0xC0FFEE01 is the magic member.

When EP use ioread32(magic) to reads the magic in RC's share memory, it
will cause kernel panic on ARM64 platform due to the cross-byte io read.
Here read magic in user space use le32toh(vr0->info->magic) will meet
the same issue.
So add round_up(x,4) for vring_size, then the struct _mic_vring_info
will store in this way:
0x90002400: 00000000 00000000 00000039 C0FFEE01
Which will avoid kernel panic when read magic in struct _mic_vring_info.

Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Signed-off-by: Joakim Zhang <qiangqing.zhang@nxp.com>
Link: https://lore.kernel.org/r/20200929091106.24624-4-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/misc/mic/vop/vop_main.c		diff \| blob \| history
drivers/misc/mic/vop/vop_vringh.c		diff \| blob \| history
samples/mic/mpssd/mpssd.c		diff \| blob \| history