mwifiex: remove misleading GFP_DMA flag in buffer allocations

The GFP_DMA flag is obviously misunderstood in the mwifiex driver. It's
meant for legacy ISA DMA memory mappings only -- the lower 16MB on x86.
That doesn't apply to PCIe or SDIO devices, I guess.

Remove the GFP_DMA flag to reduce the need to place the socket buffer
allocation into the low mem DMA area, which might already be in use by
other drivers.

This misuse was flagged by the PaX USERCOPY feature by chance, as it
detected the user copy operation from a DMA buffer in the recvfrom()
syscall path.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Tested-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
Cc: Amitkumar Karwar <akarwar@marvell.com>
Cc: Nishant Sarmukadam <nishants@marvell.com>
Cc: Xinming Hu <huxm@marvell.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: PaX Team <pageexec@freemail.hu>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/marvell/mwifiex/11n_aggr.c b/drivers/net/wireless/marvell/mwifiex/11n_aggr.c
index 1efef3b..dc49c3d 100644 (file)
--- a/drivers/net/wireless/marvell/mwifiex/11n_aggr.c
+++ b/drivers/net/wireless/marvell/mwifiex/11n_aggr.c
@@ -184,7 +184,7 @@ mwifiex_11n_aggregate_pkt(struct mwifiex_private *priv,
 
        tx_info_src = MWIFIEX_SKB_TXCB(skb_src);
        skb_aggr = mwifiex_alloc_dma_align_buf(adapter->tx_buf_size,
-                                              GFP_ATOMIC | GFP_DMA);
+                                              GFP_ATOMIC);
        if (!skb_aggr) {
                spin_unlock_irqrestore(&priv->wmm.ra_list_spinlock,
                                       ra_list_flags);

diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index a35db02..1b1e266 100644 (file)
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -507,7 +507,7 @@ static int mwifiex_init_rxq_ring(struct mwifiex_adapter *adapter)
        for (i = 0; i < MWIFIEX_MAX_TXRX_BD; i++) {
                /* Allocate skb here so that firmware can DMA data from it */
                skb = mwifiex_alloc_dma_align_buf(MWIFIEX_RX_DATA_BUF_SIZE,
-                                                 GFP_KERNEL | GFP_DMA);
+                                                 GFP_KERNEL);
                if (!skb) {
                        mwifiex_dbg(adapter, ERROR,
                                    "Unable to allocate skb for RX ring.\n");
@@ -1319,7 +1319,7 @@ static int mwifiex_pcie_process_recv_data(struct mwifiex_adapter *adapter)
                }
 
                skb_tmp = mwifiex_alloc_dma_align_buf(MWIFIEX_RX_DATA_BUF_SIZE,
-                                                     GFP_KERNEL | GFP_DMA);
+                                                     GFP_KERNEL);
                if (!skb_tmp) {
                        mwifiex_dbg(adapter, ERROR,
                                    "Unable to allocate skb.\n");

diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
index bdc51ff..674465e 100644 (file)
--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
@@ -1492,7 +1492,7 @@ rx_curr_single:
                mwifiex_dbg(adapter, INFO, "info: RX: port: %d, rx_len: %d\n",
                            port, rx_len);
 
-               skb = mwifiex_alloc_dma_align_buf(rx_len, GFP_KERNEL | GFP_DMA);
+               skb = mwifiex_alloc_dma_align_buf(rx_len, GFP_KERNEL);
                if (!skb) {
                        mwifiex_dbg(adapter, ERROR,
                                    "single skb allocated fail,\t"
@@ -1597,7 +1597,7 @@ static int mwifiex_process_int_status(struct mwifiex_adapter *adapter)
                rx_len = (u16) (rx_blocks * MWIFIEX_SDIO_BLOCK_SIZE);
                mwifiex_dbg(adapter, INFO, "info: rx_len = %d\n", rx_len);
 
-               skb = mwifiex_alloc_dma_align_buf(rx_len, GFP_KERNEL | GFP_DMA);
+               skb = mwifiex_alloc_dma_align_buf(rx_len, GFP_KERNEL);
                if (!skb)
                        return -1;