| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180108155050.7387-1-zi.yan@sent.com>
Date: Mon, 8 Jan 2018 10:50:50 -0500
From: Zi Yan <zi.yan@...t.com>
To: dmaengine@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Zi Yan <zi.yan@...rutgers.edu>,
Vinod Koul <vinod.koul@...el.com>,
Dan Williams <dan.j.williams@...el.com>
Subject: [PATCH] dmaengine: avoid map_cnt overflow with CONFIG_DMA_ENGINE_RAID
From: Zi Yan <zi.yan@...rutgers.edu>
When CONFIG_DMA_ENGINE_RAID is enabled, unmap pool size can reach to
256. But in struct dmaengine_unmap_data, map_cnt is only u8, wrapping
to 0, if the unmap pool is maximally used. This triggers BUG() when
struct dmaengine_unmap_data is freed. Use u16 to fix the problem.
Signed-off-by: Zi Yan <zi.yan@...rutgers.edu>
---
include/linux/dmaengine.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
index f838764993eb..861be5cab1df 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h
@@ -470,7 +470,11 @@ typedef void (*dma_async_tx_callback_result)(void *dma_async_param,
const struct dmaengine_result *result);
struct dmaengine_unmap_data {
+#if IS_ENABLED(CONFIG_DMA_ENGINE_RAID)
+ u16 map_cnt;
+#else
u8 map_cnt;
+#endif
u8 to_cnt;
u8 from_cnt;
u8 bidi_cnt;
--
2.15.1
Powered by blists - more mailing lists