git: 6c4b6f55f77d - main - busdma: Protect ARM busdma bounce page counters using the bounce page lock.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 25 Jun 2022 10:05:35 UTC
The branch main has been updated by hselasky: URL: https://cgit.FreeBSD.org/src/commit/?id=6c4b6f55f77d8d7cee1b277bd6579a77d6890ef9 commit 6c4b6f55f77d8d7cee1b277bd6579a77d6890ef9 Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2022-06-23 09:31:17 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2022-06-25 10:01:59 +0000 busdma: Protect ARM busdma bounce page counters using the bounce page lock. In bus_dmamap_unload() on ARM, the counters for free_bpages and reserved_bpages appear to be vulnerable to unprotected read-modify-write operations that result in accounting that looks like a page leak. This was noticed on a 2GB quad core i.MX6 system that has more than one device attached via FTDI based USB serial connection. Submitted by: John Hein <jcfyecrayz@liamekaens.com> Differential Revision: https://reviews.freebsd.org/D35553 PR: 264836 MFC after: 3 days Sponsored by: NVIDIA Networking --- sys/arm/arm/busdma_machdep.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/sys/arm/arm/busdma_machdep.c b/sys/arm/arm/busdma_machdep.c index b4110a9c7d84..2540e15f75c5 100644 --- a/sys/arm/arm/busdma_machdep.c +++ b/sys/arm/arm/busdma_machdep.c @@ -1183,10 +1183,13 @@ bus_dmamap_unload(bus_dma_tag_t dmat, bus_dmamap_t map) if ((bz = dmat->bounce_zone) != NULL) { free_bounce_pages(dmat, map); - bz = dmat->bounce_zone; - bz->free_bpages += map->pagesreserved; - bz->reserved_bpages -= map->pagesreserved; - map->pagesreserved = 0; + if (map->pagesreserved != 0) { + mtx_lock(&bounce_lock); + bz->free_bpages += map->pagesreserved; + bz->reserved_bpages -= map->pagesreserved; + mtx_unlock(&bounce_lock); + map->pagesreserved = 0; + } map->pagesneeded = 0; } map->sync_count = 0;