Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointerdereference on da830

From: Matt Porter
Date: Tue Mar 19 2013 - 13:26:03 EST

Next message: Pádraig Brady: "Re: [PATCH v2 2/7] watchdog: w83627hf: Enable watchdog only once"
Previous message: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
In reply to: Luis Henriques: "Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointerdereference on da830"
Next in thread: Luis Henriques: "Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointerdereference on da830"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 19, 2013 at 04:25:35PM +0000, Luis Henriques wrote:
> On Mon, Mar 18, 2013 at 02:07:04PM -0700, Greg Kroah-Hartman wrote:
> > 3.8-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Matt Porter <mporter@xxxxxx>
> >
> > commit 069552777a121eb39da29de4bc0383483dbe1f7e upstream.
> >
> > This adds additional error checking to the private edma api implementation
> > to catch the case where the edma_alloc_slot() has an invalid controller
> > parameter. The edma dmaengine wrapper driver relies on this condition
> > being handled in order to avoid setting up a second edma dmaengine
> > instance on DA830.
> >
> > Verfied using a DA850 with the second EDMA controller platform instance
> > removed to simulate a DA830 which only has a single EDMA controller.
> >
> > Reported-by: Tomas Novotny <tomas@xxxxxxxxxx>
> > Signed-off-by: Matt Porter <mporter@xxxxxx>
> > Tested-by: Tomas Novotny <tomas@xxxxxxxxxx>
> > Signed-off-by: Sekhar Nori <nsekhar@xxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> >
> > ---
> > arch/arm/mach-davinci/dma.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > --- a/arch/arm/mach-davinci/dma.c
> > +++ b/arch/arm/mach-davinci/dma.c
> > @@ -743,6 +743,9 @@ EXPORT_SYMBOL(edma_free_channel);
> > */
> > int edma_alloc_slot(unsigned ctlr, int slot)
> > {
> > + if (!edma_cc[ctlr])
> > + return -EINVAL;
> > +
> > if (slot >= 0)
> > slot = EDMA_CHAN_SLOT(slot);
>
> I couldn't figure out the reason why this is tagged for v3.7.x+ only.
> Shouldn't this be applied to 3.2, 3.4 and 3.5 as well?

The bug being fixed is triggered by the edma dmaengine driver (and only
on one board) that was introduced in 3.7. Prior to that it is just a
theoretical bug.

-Matt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pádraig Brady: "Re: [PATCH v2 2/7] watchdog: w83627hf: Enable watchdog only once"
Previous message: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
In reply to: Luis Henriques: "Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointerdereference on da830"
Next in thread: Luis Henriques: "Re: [ 41/75] ARM: davinci: edma: fix dmaengine induced null pointerdereference on da830"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]