lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 Mar 2013 13:27:14 -0400
From:	Matt Porter <mporter@...com>
To:	Luis Henriques <luis.henriques@...onical.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>,
	Tomas Novotny <tomas@...otny.cz>,
	"Nori, Sekhar" <nsekhar@...com>
Subject: Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointer
 dereference on da830

On Tue, Mar 19, 2013 at 04:25:35PM +0000, Luis Henriques wrote:
> On Mon, Mar 18, 2013 at 02:07:04PM -0700, Greg Kroah-Hartman wrote:
> > 3.8-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Matt Porter <mporter@...com>
> > 
> > commit 069552777a121eb39da29de4bc0383483dbe1f7e upstream.
> > 
> > This adds additional error checking to the private edma api implementation
> > to catch the case where the edma_alloc_slot() has an invalid controller
> > parameter. The edma dmaengine wrapper driver relies on this condition
> > being handled in order to avoid setting up a second edma dmaengine
> > instance on DA830.
> > 
> > Verfied using a DA850 with the second EDMA controller platform instance
> > removed to simulate a DA830 which only has a single EDMA controller.
> > 
> > Reported-by: Tomas Novotny <tomas@...otny.cz>
> > Signed-off-by: Matt Porter <mporter@...com>
> > Tested-by: Tomas Novotny <tomas@...otny.cz>
> > Signed-off-by: Sekhar Nori <nsekhar@...com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > 
> > ---
> >  arch/arm/mach-davinci/dma.c |    3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > --- a/arch/arm/mach-davinci/dma.c
> > +++ b/arch/arm/mach-davinci/dma.c
> > @@ -743,6 +743,9 @@ EXPORT_SYMBOL(edma_free_channel);
> >   */
> >  int edma_alloc_slot(unsigned ctlr, int slot)
> >  {
> > +	if (!edma_cc[ctlr])
> > +		return -EINVAL;
> > +
> >  	if (slot >= 0)
> >  		slot = EDMA_CHAN_SLOT(slot);
> 
> I couldn't figure out the reason why this is tagged for v3.7.x+ only.
> Shouldn't this be applied to 3.2, 3.4 and 3.5 as well?

The bug being fixed is triggered by the edma dmaengine driver (and only
on one board) that was introduced in 3.7. Prior to that it is just a
theoretical bug.

-Matt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ