From: FUJITA Tomonori Date: Wed, 16 Jul 2008 18:33:35 +0000 (+0200) Subject: ide: avoid DMA on the stack for REQ_TYPE_ATA_PC X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0b6abc17700a7843b165c677da0ac94522f83083;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git ide: avoid DMA on the stack for REQ_TYPE_ATA_PC Some REQ_TYPE_ATA_PC commands uses the stack buffers for DMA, which leads to memory corruption on a non-coherent platform. With regard to alignment and padding, ide-cd has the the dma safe check for sg requests and REQ_TYPE_ATA_PC. This adds the stack buffer check to that check. Signed-off-by: FUJITA Tomonori Acked-by: Borislav Petkov Cc: Thomas Bogendoerfer Cc: Tejun Heo Cc: Jens Axboe Cc: James Bottomley Signed-off-by: Andrew Morton Signed-off-by: Bartlomiej Zolnierkiewicz --- diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c index d99847157186..d6667c36568c 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -1195,6 +1195,7 @@ static ide_startstop_t cdrom_do_block_pc(ide_drive_t *drive, struct request *rq) int mask = drive->queue->dma_alignment; unsigned long addr = (unsigned long)page_address(bio_page(rq->bio)); + unsigned long stack_mask = ~(THREAD_SIZE - 1); info->dma = drive->using_dma; @@ -1206,6 +1207,10 @@ static ide_startstop_t cdrom_do_block_pc(ide_drive_t *drive, struct request *rq) */ if ((rq->data_len & 15) || (addr & mask)) info->dma = 0; + + if (!((addr & stack_mask) ^ + ((unsigned long)current->stack & stack_mask))) + info->dma = 0; } /* start sending the command to the drive */