[PATCH 3.16 018/233] staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.

From: Ben Hutchings
Date: Sat Sep 09 2017 - 18:33:05 EST

Next message: Ben Hutchings: "[PATCH 3.16 017/233] USB: serial: ftdi_sio: fix setting latency for unprivileged users"
Previous message: Ben Hutchings: "[PATCH 3.16 011/233] net: irda: irda-usb: fix firmware name on big-endian hosts"
In reply to: Ben Hutchings: "[PATCH 3.16 011/233] net: irda: irda-usb: fix firmware name on big-endian hosts"
Next in thread: Ben Hutchings: "[PATCH 3.16 017/233] USB: serial: ftdi_sio: fix setting latency for unprivileged users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.48-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Malcolm Priestley <tvboxspy@xxxxxxxxx>

commit baabd567f87be05330faa5140f72a91960e7405a upstream.

The driver attempts to alter memory that is mapped to PCI device.

This is because tx_fwinfo_8190pci points to skb->data

Move the pci_map_single to when completed buffer is ready to be mapped with
psdec is empty to drop on mapping error.

Signed-off-by: Malcolm Priestley <tvboxspy@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

--- a/drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c
+++ b/drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c
@@ -1172,8 +1172,7 @@ void rtl8192_tx_fill_desc(struct net_de
struct cb_desc *cb_desc, struct sk_buff *skb)
{
struct r8192_priv *priv = rtllib_priv(dev);
- dma_addr_t mapping = pci_map_single(priv->pdev, skb->data, skb->len,
- PCI_DMA_TODEVICE);
+ dma_addr_t mapping;
struct tx_fwinfo_8190pci *pTxFwInfo = NULL;
pTxFwInfo = (struct tx_fwinfo_8190pci *)skb->data;
memset(pTxFwInfo, 0, sizeof(struct tx_fwinfo_8190pci));
@@ -1184,8 +1183,6 @@ void rtl8192_tx_fill_desc(struct net_de
pTxFwInfo->TxRate,
cb_desc);

- if (pci_dma_mapping_error(priv->pdev, mapping))
- RT_TRACE(COMP_ERR, "DMA Mapping error\n");
if (cb_desc->bAMPDUEnable) {
pTxFwInfo->AllowAggregation = 1;
pTxFwInfo->RxMF = cb_desc->ampdu_factor;
@@ -1220,6 +1217,14 @@ void rtl8192_tx_fill_desc(struct net_de
}

memset((u8 *)pdesc, 0, 12);
+
+ mapping = pci_map_single(priv->pdev, skb->data, skb->len,
+ PCI_DMA_TODEVICE);
+ if (pci_dma_mapping_error(priv->pdev, mapping)) {
+ RT_TRACE(COMP_ERR, "DMA Mapping error\n");
+ return;
+ }
+
pdesc->LINIP = 0;
pdesc->CmdInit = 1;
pdesc->Offset = sizeof(struct tx_fwinfo_8190pci) + 8;

Next message: Ben Hutchings: "[PATCH 3.16 017/233] USB: serial: ftdi_sio: fix setting latency for unprivileged users"
Previous message: Ben Hutchings: "[PATCH 3.16 011/233] net: irda: irda-usb: fix firmware name on big-endian hosts"
In reply to: Ben Hutchings: "[PATCH 3.16 011/233] net: irda: irda-usb: fix firmware name on big-endian hosts"
Next in thread: Ben Hutchings: "[PATCH 3.16 017/233] USB: serial: ftdi_sio: fix setting latency for unprivileged users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]