From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id 4AB516B513D for ; Thu, 30 Aug 2018 07:41:34 -0400 (EDT) Received: by mail-wr1-f71.google.com with SMTP id 4-v6so5573794wra.18 for ; Thu, 30 Aug 2018 04:41:34 -0700 (PDT) Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id y6-v6sor4673827wrh.27.2018.08.30.04.41.32 for (Google Transport Security); Thu, 30 Aug 2018 04:41:33 -0700 (PDT) From: Andrey Konovalov Subject: [PATCH v6 08/11] usb, arm64: untag user addresses in devio Date: Thu, 30 Aug 2018 13:41:13 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org List-ID: To: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya devio allows to mmap memory regions and keeps them in a list. It also accepts a user address through an ioctl call and searches the memory region list for the region that contains this address. Since the addresses provided to mmap must not be tagged, and the addresses provided to ioctl might be tagged, we might compare tagged and untagged addresses during the search. Untag the provided addresses before searching. Signed-off-by: Andrey Konovalov --- drivers/usb/core/devio.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 6ce77b33da61..ed5ab7c8100b 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1405,7 +1405,7 @@ find_memory_area(struct usb_dev_state *ps, const struct usbdevfs_urb *uurb) { struct usb_memory *usbm = NULL, *iter; unsigned long flags; - unsigned long uurb_start = (unsigned long)uurb->buffer; + unsigned long uurb_start = (unsigned long)untagged_addr(uurb->buffer); spin_lock_irqsave(&ps->lock, flags); list_for_each_entry(iter, &ps->memory_list, memlist) { @@ -1634,7 +1634,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb } } else if (uurb->buffer_length > 0) { if (as->usbm) { - unsigned long uurb_start = (unsigned long)uurb->buffer; + unsigned long uurb_start = + (unsigned long)untagged_addr(uurb->buffer); as->urb->transfer_buffer = as->usbm->mem + (uurb_start - as->usbm->vm_start); @@ -1713,7 +1714,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb as->ps = ps; as->userurb = arg; if (as->usbm) { - unsigned long uurb_start = (unsigned long)uurb->buffer; + unsigned long uurb_start = + (unsigned long)untagged_addr(uurb->buffer); as->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; as->urb->transfer_dma = as->usbm->dma_handle + -- 2.19.0.rc0.228.g281dcd1b4d0-goog