| Message ID | 75e9c0e84c3345d693c606c64f8b9ab5@x13pwhopdag1307.AMER.DELL.COM (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2] ioat: ioat_alloc_ring() failure handling. | expand |
> -----Original Message----- > From: dmaengine-owner@vger.kernel.org <dmaengine- > owner@vger.kernel.org> On Behalf Of Alexander.Barabash@dell.com > Sent: Wednesday, December 25, 2019 10:56 AM > To: dmaengine@vger.kernel.org > Cc: alexander.barabash@gmail.com > Subject: [PATCH v2] ioat: ioat_alloc_ring() failure handling. > > If dma_alloc_coherent() returns NULL in ioat_alloc_ring(), ring allocation > must not proceed. > > Until now, if the first call to dma_alloc_coherent() in > ioat_alloc_ring() returned NULL, the processing could proceed, failing with > NULL-pointer dereferencing further down the line. > > Signed-off-by: Alexander Barabash <alexander.barabash@dell.com> Acked-by: Dave Jiang <dave.jiang@intel.com> > --- > drivers/dma/ioat/dma.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c index > 1a422a8..18c011e 100644 > --- a/drivers/dma/ioat/dma.c > +++ b/drivers/dma/ioat/dma.c > @@ -377,10 +377,11 @@ struct ioat_ring_ent ** > > descs->virt = dma_alloc_coherent(to_dev(ioat_chan), > SZ_2M, &descs->hw, flags); > - if (!descs->virt && (i > 0)) { > + if (!descs->virt) { > int idx; > > for (idx = 0; idx < i; idx++) { > + descs = &ioat_chan->descs[idx]; > dma_free_coherent(to_dev(ioat_chan), > SZ_2M, > descs->virt, descs->hw); > descs->virt = NULL; > -- > 1.8.3.1
On 25-12-19, 17:55, Alexander.Barabash@dell.com wrote: > If dma_alloc_coherent() returns NULL in ioat_alloc_ring(), ring > allocation must not proceed. > > Until now, if the first call to dma_alloc_coherent() in > ioat_alloc_ring() returned NULL, the processing could proceed, failing > with NULL-pointer dereferencing further down the line. Applied, thanks
diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c index 1a422a8..18c011e 100644 --- a/drivers/dma/ioat/dma.c +++ b/drivers/dma/ioat/dma.c @@ -377,10 +377,11 @@ struct ioat_ring_ent ** descs->virt = dma_alloc_coherent(to_dev(ioat_chan), SZ_2M, &descs->hw, flags); - if (!descs->virt && (i > 0)) { + if (!descs->virt) { int idx; for (idx = 0; idx < i; idx++) { + descs = &ioat_chan->descs[idx]; dma_free_coherent(to_dev(ioat_chan), SZ_2M, descs->virt, descs->hw); descs->virt = NULL;
If dma_alloc_coherent() returns NULL in ioat_alloc_ring(), ring allocation must not proceed. Until now, if the first call to dma_alloc_coherent() in ioat_alloc_ring() returned NULL, the processing could proceed, failing with NULL-pointer dereferencing further down the line. Signed-off-by: Alexander Barabash <alexander.barabash@dell.com> --- drivers/dma/ioat/dma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)