From 979cdd6f6e26da14aa95e2e7e116f9af72b122dc Mon Sep 17 00:00:00 2001 From: Vinayak Menon Date: Thu, 31 Jan 2019 20:47:07 +0530 Subject: [PATCH] ion: fix system secure force alloc Even when ION_FLAG_POOL_FORCE_ALLOC is set for secure alloc, alloc_from_pool_preferred tries to get the pages from pool first. In case if it enters split_page_from_secure_pool, free_buffer_page can end up calling __free_pages on the page from pool which is hyp assigned, resulting in issues for e.g. a fault if page poisoning is enabled. Change-Id: I68759dc17551a5705693506a5c137977d429fe36 Signed-off-by: Vinayak Menon --- drivers/staging/android/ion/ion_system_heap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c index 403dadea5bb2..126f45ac5bf9 100644 --- a/drivers/staging/android/ion/ion_system_heap.c +++ b/drivers/staging/android/ion/ion_system_heap.c @@ -2,7 +2,7 @@ * drivers/staging/android/ion/ion_system_heap.c * * Copyright (C) 2011 Google, Inc. - * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -270,6 +270,9 @@ static struct page_info *alloc_from_pool_preferred( struct page_info *info; int i; + if (buffer->flags & ION_FLAG_POOL_FORCE_ALLOC) + goto force_alloc; + info = kmalloc(sizeof(*info), GFP_KERNEL); if (!info) return NULL; @@ -301,6 +304,7 @@ static struct page_info *alloc_from_pool_preferred( } kfree(info); +force_alloc: return alloc_largest_available(heap, buffer, size, max_order); }