| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Jun 2021 12:19:48 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Adrian Hunter <adrian.hunter@...el.com>
Cc: Ulf Hansson <ulf.hansson@...aro.org>, linux-mmc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v2] mmc: sdhci: Clear unused bounce buffer at DMA mmap error path
When DMA-mapping of the bounce buffer fails, the driver tries to fall
back, but it leaves the allocated host->bounce_buffer although its
size is zero. Later on, the driver checks the use of bounce buffer
with host->bounce_buffer pointer, and it tries to use the buffer
incorrectly, resulting in Oops.
This patch clears the release the unused buffer and clears the
bounce_buffer pointer for addressing the problem.
Acked-by: Adrian Hunter <adrian.hunter@...el.com>
Signed-off-by: Takashi Iwai <tiwai@...e.de>
---
v1->v2: correct the device pointer to mmc_dev(mmc)
drivers/mmc/host/sdhci.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index bf238ade1602..c80bc6c4ebf3 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -4072,9 +4072,13 @@ static void sdhci_allocate_bounce_buffer(struct sdhci_host *host)
bounce_size,
DMA_BIDIRECTIONAL);
ret = dma_mapping_error(mmc_dev(mmc), host->bounce_addr);
- if (ret)
+ if (ret) {
+ devm_kfree(mmc_dev(mmc), host->bounce_buffer);
+ host->bounce_buffer = NULL;
/* Again fall back to max_segs == 1 */
return;
+ }
+
host->bounce_buffer_size = bounce_size;
/* Lie about this since we're bouncing */
--
2.26.2
Powered by blists - more mailing lists