From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Xiaomeng Tong <xiam0nd.tong@gmail.com>,
Vinod Koul <vkoul@kernel.org>
Subject: [PATCH 4.9 16/24] dma: at_xdmac: fix a missing check on list iterator
Date: Tue, 26 Apr 2022 10:21:10 +0200 [thread overview]
Message-ID: <20220426081731.852434263@linuxfoundation.org> (raw)
In-Reply-To: <20220426081731.370823950@linuxfoundation.org>
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 206680c4e46b62fd8909385e0874a36952595b85 upstream.
The bug is here:
__func__, desc, &desc->tx_dma_desc.phys, ret, cookie, residue);
The list iterator 'desc' will point to a bogus position containing
HEAD if the list is empty or no element is found. To avoid dev_dbg()
prints a invalid address, use a new variable 'iter' as the list
iterator, while use the origin variable 'desc' as a dedicated
pointer to point to the found element.
Cc: stable@vger.kernel.org
Fixes: 82e2424635f4c ("dmaengine: xdmac: fix print warning on dma_addr_t variable")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220327061154.4867-1-xiam0nd.tong@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1392,7 +1392,7 @@ at_xdmac_tx_status(struct dma_chan *chan
{
struct at_xdmac_chan *atchan = to_at_xdmac_chan(chan);
struct at_xdmac *atxdmac = to_at_xdmac(atchan->chan.device);
- struct at_xdmac_desc *desc, *_desc;
+ struct at_xdmac_desc *desc, *_desc, *iter;
struct list_head *descs_list;
enum dma_status ret;
int residue, retry;
@@ -1507,11 +1507,13 @@ at_xdmac_tx_status(struct dma_chan *chan
* microblock.
*/
descs_list = &desc->descs_list;
- list_for_each_entry_safe(desc, _desc, descs_list, desc_node) {
- dwidth = at_xdmac_get_dwidth(desc->lld.mbr_cfg);
- residue -= (desc->lld.mbr_ubc & 0xffffff) << dwidth;
- if ((desc->lld.mbr_nda & 0xfffffffc) == cur_nda)
+ list_for_each_entry_safe(iter, _desc, descs_list, desc_node) {
+ dwidth = at_xdmac_get_dwidth(iter->lld.mbr_cfg);
+ residue -= (iter->lld.mbr_ubc & 0xffffff) << dwidth;
+ if ((iter->lld.mbr_nda & 0xfffffffc) == cur_nda) {
+ desc = iter;
break;
+ }
}
residue += cur_ubc << dwidth;
next prev parent reply other threads:[~2022-04-26 8:23 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 8:20 [PATCH 4.9 00/24] 4.9.312-rc1 review Greg Kroah-Hartman
2022-04-26 8:20 ` [PATCH 4.9 01/24] etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead Greg Kroah-Hartman
2022-04-26 8:20 ` [PATCH 4.9 02/24] mm: page_alloc: fix building error on -Werror=array-compare Greg Kroah-Hartman
2022-04-26 8:20 ` [PATCH 4.9 03/24] gfs2: assign rgrp glock before compute_bitstructs Greg Kroah-Hartman
2022-04-26 8:20 ` [PATCH 4.9 04/24] ALSA: usb-audio: Clear MIDI port active flag after draining Greg Kroah-Hartman
2022-04-26 8:20 ` [PATCH 4.9 05/24] dmaengine: imx-sdma: Fix error checking in sdma_event_remap Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 06/24] net/packet: fix packet_sock xmit return value checking Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 07/24] netlink: reset network and mac headers in netlink_dump() Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 08/24] ARM: vexpress/spc: Avoid negative array index when !SMP Greg Kroah-Hartman
2022-04-26 8:21 ` Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 09/24] platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 10/24] ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 11/24] vxlan: fix error return code in vxlan_fdb_append Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 12/24] cifs: Check the IOCB_DIRECT flag, not O_DIRECT Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 13/24] brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 14/24] drm/msm/mdp5: check the return of kzalloc() Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 15/24] ata: pata_marvell: Check the bmdma_addr beforing reading Greg Kroah-Hartman
2022-04-26 8:21 ` Greg Kroah-Hartman [this message]
2022-04-26 8:21 ` [PATCH 4.9 17/24] openvswitch: fix OOB access in reserve_sfa_size() Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 18/24] ASoC: soc-dapm: fix two incorrect uses of list iterator Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 19/24] e1000e: Fix possible overflow in LTR decoding Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 20/24] ARC: entry: fix syscall_trace_exit argument Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 21/24] ext4: limit length to bitmap_maxbytes - blocksize in punch_hole Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 22/24] ext4: fix overhead calculation to account for the reserved gdt blocks Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 23/24] ext4: force overhead calculation if the s_overhead_cluster makes no sense Greg Kroah-Hartman
2022-04-26 8:21 ` [PATCH 4.9 24/24] block/compat_ioctl: fix range check in BLKGETSIZE Greg Kroah-Hartman
2022-04-26 16:19 ` [PATCH 4.9 00/24] 4.9.312-rc1 review Jon Hunter
2022-04-26 16:29 ` Florian Fainelli
2022-04-26 20:01 ` Pavel Machek
2022-04-26 20:11 ` Guenter Roeck
2022-04-26 20:16 ` Shuah Khan
2022-04-27 8:44 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220426081731.852434263@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vkoul@kernel.org \
--cc=xiam0nd.tong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.