[PATCH AUTOSEL 4.9 03/12] media: airspy: respect the DMA coherency rules

From: Sasha Levin
Date: Thu Aug 11 2022 - 12:38:25 EST


From: Oliver Neukum <oneukum@xxxxxxxx>

[ Upstream commit ca9dc8d06ab64543a6a31adac5003349c5671218 ]

If we want to avoid memory corruption
on incoherent architectures, buffers for DMA
must not reside
- on the stack
- embedded within other structures

Allocate them separately.

v2: fix uninitialized return value

Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/media/usb/airspy/airspy.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/drivers/media/usb/airspy/airspy.c b/drivers/media/usb/airspy/airspy.c
index 8251942bcd12..1c549ad60195 100644
--- a/drivers/media/usb/airspy/airspy.c
+++ b/drivers/media/usb/airspy/airspy.c
@@ -134,7 +134,7 @@ struct airspy {

/* USB control message buffer */
#define BUF_SIZE 128
- u8 buf[BUF_SIZE];
+ u8 *buf;

/* Current configuration */
unsigned int f_adc;
@@ -872,6 +872,7 @@ static void airspy_video_release(struct v4l2_device *v)

v4l2_ctrl_handler_free(&s->hdl);
v4l2_device_unregister(&s->v4l2_dev);
+ kfree(s->buf);
kfree(s);
}

@@ -979,7 +980,10 @@ static int airspy_probe(struct usb_interface *intf,
{
struct airspy *s;
int ret;
- u8 u8tmp, buf[BUF_SIZE];
+ u8 u8tmp, *buf;
+
+ buf = NULL;
+ ret = -ENOMEM;

s = kzalloc(sizeof(struct airspy), GFP_KERNEL);
if (s == NULL) {
@@ -987,6 +991,13 @@ static int airspy_probe(struct usb_interface *intf,
return -ENOMEM;
}

+ s->buf = kzalloc(BUF_SIZE, GFP_KERNEL);
+ if (!s->buf)
+ goto err_free_mem;
+ buf = kzalloc(BUF_SIZE, GFP_KERNEL);
+ if (!buf)
+ goto err_free_mem;
+
mutex_init(&s->v4l2_lock);
mutex_init(&s->vb_queue_lock);
spin_lock_init(&s->queued_bufs_lock);
@@ -1082,6 +1093,8 @@ static int airspy_probe(struct usb_interface *intf,
v4l2_ctrl_handler_free(&s->hdl);
v4l2_device_unregister(&s->v4l2_dev);
err_free_mem:
+ kfree(buf);
+ kfree(s->buf);
kfree(s);
return ret;
}
--
2.35.1