From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753500AbcFGF6p (ORCPT <rfc822;w@1wt.eu>);
	Tue, 7 Jun 2016 01:58:45 -0400
Received: from mga03.intel.com ([134.134.136.65]:43136 "EHLO mga03.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751412AbcFGF6o (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 7 Jun 2016 01:58:44 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.26,431,1459839600"; 
   d="scan'208";a="715049449"
Date: Tue, 7 Jun 2016 11:35:20 +0530
From: Vinod Koul <vinod.koul@intel.com>
To: Colin King <colin.king@canonical.com>
Cc: Dan Williams <dan.j.williams@intel.com>, dmaengine@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] dmaengine: do not allow access outside of unmap_pool
Message-ID: <20160607060519.GF16910@localhost>
References: <1463486446-13890-1-git-send-email-colin.king@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1463486446-13890-1-git-send-email-colin.king@canonical.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 17, 2016 at 01:00:46PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> When CONFIG_DMA_ENGINE_RAID is defined, unmap_pool[] is just 1
> element in size, however, allows orders of 2..8 to access
> outside unmap_pool and returns an invalid address. Ensure
> we fall into the default path and report a BUG() when
> CONFIG_DMA_ENGINE_RAID is defined and order is out of range.
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  drivers/dma/dmaengine.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
> index 8c9f45f..6027e66 100644
> --- a/drivers/dma/dmaengine.c
> +++ b/drivers/dma/dmaengine.c
> @@ -1100,12 +1100,14 @@ static struct dmaengine_unmap_pool *__get_unmap_pool(int nr)
>  	switch (order) {
>  	case 0 ... 1:
>  		return &unmap_pool[0];
> +	#if IS_ENABLED(CONFIG_DMA_ENGINE_RAID)

Okay if CONFIG_DMA_ENGINE_RAID is enabled (m or y) then IS_ENABLED
return 1, so we will go inside and not fall into default. And I though
by changelog that you want it to go to default in CONFIG_DMA_ENGINE_RAID
is defined!

What did I miss...

>  	case 2 ... 4:
>  		return &unmap_pool[1];
>  	case 5 ... 7:
>  		return &unmap_pool[2];
>  	case 8:
>  		return &unmap_pool[3];
> +	#endif
>  	default:
>  		BUG();
>  		return NULL;
> -- 
> 2.8.1
> 

-- 
~Vinod