[PATCH OLK-6.6 0/3] soc cache: Enforce maintain type check

From: Hongye Lin <linhongye@h-partners.com>

driver inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/ICUGZ2

----------------------------------------------------------------------

Yushan Wang (3):
  soc cache: Enforce maintain type check
  soc cache: Fix incorrect size validation
  soc cache: Fix incorrect error path of ioctl

 drivers/soc/hisilicon/hisi_soc_cache_framework.c  | 18 ++++++++++++------
 drivers/soc/hisilicon/hisi_soc_hha.c              |  7 ++++++-
 include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h |  2 ++
 3 files changed, 20 insertions(+), 7 deletions(-)

--
2.33.0

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICUGZ2 ---------------------------------------------------------------------- Make Invalid may cause data loss, which is too dangerous to be exposed to userspace, so invalidate it then. Fixes: e6ecc3b028b8 ("soc cache: Add framework driver for HiSilicon SoC cache") Signed-off-by: Yushan Wang <wangyushan12@huawei.com> Signed-off-by: Hongye Lin <linhongye@h-partners.com> --- drivers/soc/hisilicon/hisi_soc_cache_framework.c | 4 ++++ drivers/soc/hisilicon/hisi_soc_hha.c | 7 ++++++- include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/soc/hisilicon/hisi_soc_cache_framework.c b/drivers/soc/hisilicon/hisi_soc_cache_framework.c index 1782e6a44668..6e3b128df4e7 100644 --- a/drivers/soc/hisilicon/hisi_soc_cache_framework.c +++ b/drivers/soc/hisilicon/hisi_soc_cache_framework.c @@ -200,6 +200,10 @@ static int __hisi_soc_cache_maintain(unsigned long __user vaddr, size_t size, struct vm_area_struct *vma; int ret = 0; + /* MakeInvalid is not allowed for calls from userspace. */ + if (mnt_type >= HISI_CACHE_MAINT_MAKEINVALID) + return -EINVAL; + mmap_read_lock_killable(current->mm); vma = vma_lookup(current->mm, vaddr); diff --git a/drivers/soc/hisilicon/hisi_soc_hha.c b/drivers/soc/hisilicon/hisi_soc_hha.c index 2b6ded47d4fe..22a1ec8b8fc9 100644 --- a/drivers/soc/hisilicon/hisi_soc_hha.c +++ b/drivers/soc/hisilicon/hisi_soc_hha.c @@ -61,13 +61,18 @@ static int hisi_hha_cache_do_maintain(struct hisi_soc_comp *comp, { struct hisi_soc_hha *soc_hha = container_of(comp, struct hisi_soc_hha, comp); + phys_addr_t top; int ret = 0; u32 reg; if (!size) return -EINVAL; - if (mnt_type < 0) + addr = ALIGN_DOWN(addr, HISI_HHA_MAINT_ALIGN); + top = ALIGN(addr + size, HISI_HHA_MAINT_ALIGN); + size = top - addr; + + if (mnt_type < 0 || mnt_type >= HISI_CACHE_MAINT_MAX) return -EOPNOTSUPP; /* 
diff --git a/include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h b/include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h index 5441f6f75b81..8b190941c805 100644 --- a/include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h +++ b/include/uapi/misc/hisi_soc_cache/hisi_soc_cache.h @@ -15,7 +15,9 @@ enum hisi_soc_cache_maint_type { HISI_CACHE_MAINT_CLEANSHARED, HISI_CACHE_MAINT_CLEANINVALID, +#ifdef __KERNEL__ HISI_CACHE_MAINT_MAKEINVALID, +#endif HISI_CACHE_MAINT_MAX }; -- 2.33.0
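Review bot: In the __hisi_soc_cache_maintain() hunk the new guard bounds mnt_type only from above (`mnt_type >= HISI_CACHE_MAINT_MAKEINVALID`), while hisi_hha_cache_do_maintain() in this same patch also tests `mnt_type < 0`. If mnt_type is signed at the framework level as well, a negative value supplied through the ioctl passes the userspace entry point and is rejected only in the HHA backend, and with a different errno (-EOPNOTSUPP instead of -EINVAL). Suggest rejecting `mnt_type < 0` here too, or making the parameter unsigned, so the userspace boundary is the one place the type is validated. The comment would also be more accurate if it said that every value from MAKEINVALID upward is refused, not only MakeInvalid.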
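Review bot: In hisi_hha_cache_do_maintain(), `top = ALIGN(addr + size, HISI_HHA_MAINT_ALIGN);` adds two caller-supplied values with no wrap check, so a range ending near the top of the physical address space can make top smaller than addr and turn `size = top - addr;` into a very large length. Guard the addition (for example with check_add_overflow()) before aligning. The alignment also widens the maintained range beyond what the caller passed in, and neither the commit message nor a comment mentions it; it should be described in the changelog or split into its own patch.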
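Review bot: Wrapping HISI_CACHE_MAINT_MAKEINVALID in `#ifdef __KERNEL__` inside enum hisi_soc_cache_maint_type makes HISI_CACHE_MAINT_MAX evaluate to a different number in userspace than in the kernel: with the lines shown, userspace sees MAX as 2, which is the kernel's value for MAKEINVALID, while the kernel's MAX is 3. Any userspace code that uses MAX as a bound or sentinel now disagrees with the driver. Suggest giving the enumerators explicit values and adding a comment that MAX is not part of the ABI, or moving the kernel-only operation out of the uapi enum into a kernel-internal header.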

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICUGZ2 ---------------------------------------------------------------------- Check the size, which is controlled by user, by adding it to vm_start and compare with end could be problematic when malicious user passes an arbitrarily big number as size which causes overflow and thus bypass the size check. Fix this by using the size as is to compare with vma range. Fixes: e6ecc3b028b8 ("soc cache: Add framework driver for HiSilicon SoC cache") Signed-off-by: Yushan Wang <wangyushan12@huawei.com> Signed-off-by: Hongye Lin <linhongye@h-partners.com> --- drivers/soc/hisilicon/hisi_soc_cache_framework.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/soc/hisilicon/hisi_soc_cache_framework.c b/drivers/soc/hisilicon/hisi_soc_cache_framework.c index 6e3b128df4e7..199111f939e9 100644 --- a/drivers/soc/hisilicon/hisi_soc_cache_framework.c +++ b/drivers/soc/hisilicon/hisi_soc_cache_framework.c @@ -204,10 +204,14 @@ static int __hisi_soc_cache_maintain(unsigned long __user vaddr, size_t size, if (mnt_type >= HISI_CACHE_MAINT_MAKEINVALID) return -EINVAL; - mmap_read_lock_killable(current->mm); + /* Prevent overflow of vaddr + size. */ + if (!size || vaddr + size < vaddr ) + return -EINVAL; + mmap_read_lock_killable(current->mm); vma = vma_lookup(current->mm, vaddr); - if (!vma || vaddr + size > vma->vm_end || !size) { + + if (!range_in_vma(vma, vaddr, vaddr + size)) { ret = -EINVAL; goto out; } -- 2.33.0
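Review bot: The re-added `mmap_read_lock_killable(current->mm);` still discards its return value. When the wait is interrupted by a fatal signal the function returns an error without taking the lock, and the code then calls vma_lookup() unlocked. Since this patch already moves the line, check the result there and return it before the lookup. Two smaller points: the commit message says the fix compares "the size as is" with the VMA range, but the code still computes vaddr + size behind an explicit wrap test, so the description should match what was done; and there is a stray space before the closing parenthesis in `vaddr + size < vaddr )`.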

driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICUGZ2 ---------------------------------------------------------------------- Though passing null pointer to kfree() could be harmless, the error path per malloc failure could be confusing when jumping to kfree() with validated null pointer. Fix this by early return instead of jumping to error handling label. Fixes: e6ecc3b028b8 ("soc cache: Add framework driver for HiSilicon SoC cache") Signed-off-by: Yushan Wang <wangyushan12@huawei.com> Signed-off-by: Hongye Lin <linhongye@h-partners.com> --- drivers/soc/hisilicon/hisi_soc_cache_framework.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/soc/hisilicon/hisi_soc_cache_framework.c b/drivers/soc/hisilicon/hisi_soc_cache_framework.c index 199111f939e9..6aee6b66a2cd 100644 --- a/drivers/soc/hisilicon/hisi_soc_cache_framework.c +++ b/drivers/soc/hisilicon/hisi_soc_cache_framework.c @@ -236,10 +236,8 @@ static long hisi_soc_cache_mgmt_ioctl(struct file *file, u32 cmd, unsigned long kzalloc(sizeof(struct hisi_soc_cache_ioctl_param), GFP_KERNEL); long ret; - if (!param) { - ret = -ENOMEM; - goto out; - } + if (!param) + return -ENOMEM; if (copy_from_user(param, (void __user *)arg, sizeof(*param))) { ret = -EFAULT; -- 2.33.0
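Review bot: With the early return in hisi_soc_cache_mgmt_ioctl(), the kzalloc() in the declaration followed by copy_from_user() of sizeof(*param) is an open-coded memdup_user(). Using memdup_user((void __user *)arg, sizeof(*param)) with an IS_ERR() check would remove the separate allocation-failure branch and the zeroing of a buffer that is overwritten in full straight away. Separately, the message itself notes that kfree(NULL) is harmless, so this is a readability cleanup with no behaviour change; the Fixes: tag can be dropped to avoid flagging it for backport.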

Feedback: The patch(es) which you have sent to the kernel@openeuler.org mailing list have been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/17735
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/MF3...
Participants (2): patchwork bot, Yushan Wang