[PATCH] dmaengine: do not allow access outside of unmap_pool

From: Colin King
Date: Tue May 17 2016 - 08:01:02 EST

Next message: Christophe Leroy: "[PATCH v3 1/2] powerpc32: Use instruction symbolic names in check_io_access()"
Previous message: Noralf TrÃnnes: "Re: [PATCH v4 3/3] drm: Add helper for simple display pipeline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

When CONFIG_DMA_ENGINE_RAID is defined, unmap_pool[] is just 1
element in size, however, allows orders of 2..8 to access
outside unmap_pool and returns an invalid address. Ensure
we fall into the default path and report a BUG() when
CONFIG_DMA_ENGINE_RAID is defined and order is out of range.

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
drivers/dma/dmaengine.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
index 8c9f45f..6027e66 100644
--- a/drivers/dma/dmaengine.c
+++ b/drivers/dma/dmaengine.c
@@ -1100,12 +1100,14 @@ static struct dmaengine_unmap_pool *__get_unmap_pool(int nr)
switch (order) {
case 0 ... 1:
return &unmap_pool[0];
+ #if IS_ENABLED(CONFIG_DMA_ENGINE_RAID)
case 2 ... 4:
return &unmap_pool[1];
case 5 ... 7:
return &unmap_pool[2];
case 8:
return &unmap_pool[3];
+ #endif
default:
BUG();
return NULL;
--
2.8.1

Next message: Christophe Leroy: "[PATCH v3 1/2] powerpc32: Use instruction symbolic names in check_io_access()"
Previous message: Noralf TrÃnnes: "Re: [PATCH v4 3/3] drm: Add helper for simple display pipeline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]