* [PATCH v2] dmaengine: mcf-edma: Fix a potential un-allocated memory access
@ 2023-05-27 7:36 Christophe JAILLET
2023-07-11 16:43 ` Vinod Koul
0 siblings, 1 reply; 2+ messages in thread
From: Christophe JAILLET @ 2023-05-27 7:36 UTC (permalink / raw)
To: vkoul; +Cc: dmaengine, linux-kernel, kernel-janitors, Christophe JAILLET
When 'mcf_edma' is allocated, some space is allocated for a
flexible array at the end of the struct. 'chans' item are allocated, that is
to say 'pdata->dma_channels'.
Then, this number of item is stored in 'mcf_edma->n_chans'.
A few lines later, if 'mcf_edma->n_chans' is 0, then a default value of 64
is set.
This ends to no space allocated by devm_kzalloc() because chans was 0, but
64 items are read and/or written in some not allocated memory.
Change the logic to define a default value before allocating the memory.
Fixes: e7a3ff92eaf1 ("dmaengine: fsl-edma: add ColdFire mcf5441x edma support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
If I'm correct, then:
- the default value is hard-coded as 64. There is also a
#define EDMA_CHANNELS 64
which maybe could be used, or renamed as EDMA_DEFAULT_CHANNELS
- mcf_edma_err_handler() looks bogus, because it considers that
mcf_edma->chans has EDMA_CHANNELS items.
I guess that something related to mcf_edma->n_chans is what is
expected, but how should this be done?
Maybe, the EDMA_CHANNELS value should be used all the time?
Maybe, the number of chans should be limited to EDMA_CHANNELS?
Maybe, the number of chans should be at least EDMA_CHANNELS?
Maybe, maybe, maybe, but me, I don't know :(
All I know is that this patch compiles :)
and that it can gives Dan an idea for smatch for checking access to un-allocated
memory related to flexible array :)
v2: I forgot the subject in v1...
---
drivers/dma/mcf-edma.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/dma/mcf-edma.c b/drivers/dma/mcf-edma.c
index ebd8733f72ad..9413fad08a60 100644
--- a/drivers/dma/mcf-edma.c
+++ b/drivers/dma/mcf-edma.c
@@ -190,7 +190,13 @@ static int mcf_edma_probe(struct platform_device *pdev)
return -EINVAL;
}
- chans = pdata->dma_channels;
+ if (!pdata->dma_channels) {
+ dev_info(&pdev->dev, "setting default channel number to 64");
+ chans = 64;
+ } else {
+ chans = pdata->dma_channels;
+ }
+
len = sizeof(*mcf_edma) + sizeof(*mcf_chan) * chans;
mcf_edma = devm_kzalloc(&pdev->dev, len, GFP_KERNEL);
if (!mcf_edma)
@@ -202,11 +208,6 @@ static int mcf_edma_probe(struct platform_device *pdev)
mcf_edma->drvdata = &mcf_data;
mcf_edma->big_endian = 1;
- if (!mcf_edma->n_chans) {
- dev_info(&pdev->dev, "setting default channel number to 64");
- mcf_edma->n_chans = 64;
- }
-
mutex_init(&mcf_edma->fsl_edma_mutex);
mcf_edma->membase = devm_platform_ioremap_resource(pdev, 0);
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] dmaengine: mcf-edma: Fix a potential un-allocated memory access
2023-05-27 7:36 [PATCH v2] dmaengine: mcf-edma: Fix a potential un-allocated memory access Christophe JAILLET
@ 2023-07-11 16:43 ` Vinod Koul
0 siblings, 0 replies; 2+ messages in thread
From: Vinod Koul @ 2023-07-11 16:43 UTC (permalink / raw)
To: Christophe JAILLET; +Cc: dmaengine, linux-kernel, kernel-janitors
On Sat, 27 May 2023 09:36:31 +0200, Christophe JAILLET wrote:
> When 'mcf_edma' is allocated, some space is allocated for a
> flexible array at the end of the struct. 'chans' item are allocated, that is
> to say 'pdata->dma_channels'.
>
> Then, this number of item is stored in 'mcf_edma->n_chans'.
>
> A few lines later, if 'mcf_edma->n_chans' is 0, then a default value of 64
> is set.
>
> [...]
Applied, thanks!
[1/1] dmaengine: mcf-edma: Fix a potential un-allocated memory access
commit: ad5808c58ddceeab43dc68cc10d99f56d143facd
Best regards,
--
~Vinod
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-11 16:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-27 7:36 [PATCH v2] dmaengine: mcf-edma: Fix a potential un-allocated memory access Christophe JAILLET
2023-07-11 16:43 ` Vinod Koul
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.