[PATCH AUTOSEL 4.14 38/43] libata: fix using DMA buffers on stack

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: raymond pang <raymondpangxd@gmail.com>,
	Jens Axboe <axboe@kernel.dk>, Sasha Levin <sashal@kernel.org>,
	linux-ide@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 38/43] libata: fix using DMA buffers on stack
Date: Mon, 22 Apr 2019 15:47:22 -0400	[thread overview]
Message-ID: <20190422194727.12495-38-sashal@kernel.org> (raw)
In-Reply-To: <20190422194727.12495-1-sashal@kernel.org>

From: raymond pang <raymondpangxd@gmail.com>

[ Upstream commit dd08a8d9a66de4b54575c294a92630299f7e0fe7 ]

When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for
a stack virtual address. Stack DMA buffers must be avoided.

Signed-off-by: raymond pang <raymondpangxd@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
---
 drivers/ata/libata-zpodd.c | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/drivers/ata/libata-zpodd.c b/drivers/ata/libata-zpodd.c
index b3ed8f9953a8..173e6f2dd9af 100644
--- a/drivers/ata/libata-zpodd.c
+++ b/drivers/ata/libata-zpodd.c
@@ -52,38 +52,52 @@ static int eject_tray(struct ata_device *dev)
 /* Per the spec, only slot type and drawer type ODD can be supported */
 static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev)
 {
-	char buf[16];
+	char *buf;
 	unsigned int ret;
-	struct rm_feature_desc *desc = (void *)(buf + 8);
+	struct rm_feature_desc *desc;
 	struct ata_taskfile tf;
 	static const char cdb[] = {  GPCMD_GET_CONFIGURATION,
 			2,      /* only 1 feature descriptor requested */
 			0, 3,   /* 3, removable medium feature */
 			0, 0, 0,/* reserved */
-			0, sizeof(buf),
+			0, 16,
 			0, 0, 0,
 	};
 
+	buf = kzalloc(16, GFP_KERNEL);
+	if (!buf)
+		return ODD_MECH_TYPE_UNSUPPORTED;
+	desc = (void *)(buf + 8);
+
 	ata_tf_init(dev, &tf);
 	tf.flags = ATA_TFLAG_ISADDR | ATA_TFLAG_DEVICE;
 	tf.command = ATA_CMD_PACKET;
 	tf.protocol = ATAPI_PROT_PIO;
-	tf.lbam = sizeof(buf);
+	tf.lbam = 16;
 
 	ret = ata_exec_internal(dev, &tf, cdb, DMA_FROM_DEVICE,
-				buf, sizeof(buf), 0);
-	if (ret)
+				buf, 16, 0);
+	if (ret) {
+		kfree(buf);
 		return ODD_MECH_TYPE_UNSUPPORTED;
+	}
 
-	if (be16_to_cpu(desc->feature_code) != 3)
+	if (be16_to_cpu(desc->feature_code) != 3) {
+		kfree(buf);
 		return ODD_MECH_TYPE_UNSUPPORTED;
+	}
 
-	if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1)
+	if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1) {
+		kfree(buf);
 		return ODD_MECH_TYPE_SLOT;
-	else if (desc->mech_type == 1 && desc->load == 0 && desc->eject == 1)
+	} else if (desc->mech_type == 1 && desc->load == 0 &&
+		   desc->eject == 1) {
+		kfree(buf);
 		return ODD_MECH_TYPE_DRAWER;
-	else
+	} else {
+		kfree(buf);
 		return ODD_MECH_TYPE_UNSUPPORTED;
+	}
 }
 
 /* Test if ODD is zero power ready by sense code */
-- 
2.19.1

next prev parent reply	other threads:[~2019-04-22 19:47 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-22 19:46 [PATCH AUTOSEL 4.14 01/43] ARM: dts: bcm283x: Fix hdmi hpd gpio pull Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 02/43] s390: limit brk randomization to 32MB Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 03/43] qlcnic: Avoid potential NULL pointer dereference Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 04/43] netfilter: nft_set_rbtree: check for inactive element after flag mismatch Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 05/43] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 06/43] s390/qeth: fix race when initializing the IP address table Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 07/43] sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 08/43] serial: ar933x_uart: Fix build failure with disabled console Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 09/43] KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots Sasha Levin
2019-04-22 19:46   ` Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 10/43] usb: gadget: net2280: Fix overrun of OUT messages Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 11/43] usb: gadget: net2280: Fix net2280_dequeue() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 12/43] usb: gadget: net2272: Fix net2272_dequeue() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 13/43] ARM: dts: pfla02: increase phy reset duration Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 14/43] net: ks8851: Dequeue RX packets explicitly Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 15/43] net: ks8851: Reassert reset pin if chip ID check fails Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 16/43] net: ks8851: Delay requesting IRQ until opened Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 17/43] net: ks8851: Set initial carrier state to down Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 18/43] staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 19/43] staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 20/43] staging: rtl8712: uninitialized memory in read_bbreg_hdl() Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 21/43] staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 22/43] net: macb: Add null check for PCLK and HCLK Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 23/43] net/sched: don't dereference a->goto_chain to read the chain index Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 24/43] ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 25/43] NFS: Fix a typo in nfs_init_timeout_values() Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 26/43] net: xilinx: fix possible object reference leak Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 27/43] net: ibm: " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 28/43] net: ethernet: ti: " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 29/43] gpio: aspeed: fix a potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 30/43] drm/meson: Fix invalid pointer in meson_drv_unbind() Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 31/43] drm/meson: Uninstall IRQ handler Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 32/43] scsi: qla4xxx: fix a potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 33/43] usb: usb251xb: fix to avoid " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 34/43] usb: u132-hcd: fix resource leak Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 35/43] tty: fix NULL pointer issue when tty_port ops is not set Sasha Levin
2019-04-23  5:35   ` Johan Hovold
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 36/43] ceph: fix use-after-free on symlink traversal Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 37/43] scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN Sasha Levin
2019-04-22 19:47 ` Sasha Levin [this message]
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 39/43] gpio: of: Fix of_gpiochip_add() error path Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 40/43] kconfig/[mn]conf: handle backspace (^H) key Sasha Levin
     [not found] ` <20190422194727.12495-1-sashal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2019-04-22 19:47   ` [PATCH AUTOSEL 4.14 41/43] iommu/amd: Reserve exclusion range in iova-domain Sasha Levin
2019-04-22 19:47     ` Sasha Levin
2019-04-22 19:47     ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 42/43] ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 43/43] leds: pca9532: fix a potential NULL pointer dereference Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b3ed8f9953a dfblob:173e6f2dd9a )
 OR (
bs:"[PATCH AUTOSEL 4.14 38/43] libata: fix using DMA buffers on stack" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190422194727.12495-38-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=linux-ide@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=raymondpangxd@gmail.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.