linux/drivers/dma
Robin Gong bd73dfabdd dmaengine: imx-sdma: fix size check for sdma script_number
Illegal memory will be touch if SDMA_SCRIPT_ADDRS_ARRAY_SIZE_V3
(41) exceed the size of structure sdma_script_start_addrs(40),
thus cause memory corrupt such as slob block header so that kernel
trap into while() loop forever in slob_free(). Please refer to below
code piece in imx-sdma.c:
for (i = 0; i < sdma->script_number; i++)
	if (addr_arr[i] > 0)
		saddr_arr[i] = addr_arr[i]; /* memory corrupt here */
That issue was brought by commit a572460be9 ("dmaengine: imx-sdma: Add
support for version 3 firmware") because SDMA_SCRIPT_ADDRS_ARRAY_SIZE_V3
(38->41 3 scripts added) not align with script number added in
sdma_script_start_addrs(2 scripts).

Fixes: a572460be9 ("dmaengine: imx-sdma: Add support for version 3 firmware")
Cc: stable@vger.kernel
Link: https://www.spinics.net/lists/arm-kernel/msg754895.html
Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Reported-by: Jurgen Lambrecht <J.Lambrecht@TELEVIC.com>
Link: https://lore.kernel.org/r/1569347584-3478-1-git-send-email-yibin.gong@nxp.com
[vkoul: update the patch title]
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2019-10-14 13:33:44 +05:30
..
bestcomm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
dw dmaengine: dw: platform: Split OF helpers to separate module 2019-08-21 09:41:28 +05:30
dw-axi-dmac dmaengine fixes for v5.2-rc4 2019-06-08 12:46:31 -07:00
dw-edma dmaengine: dw-edma: fix endianess confusion 2019-07-22 20:58:15 +05:30
hsu dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
ioat dmanegine: ioat/dca: Use struct_size() helper 2019-09-04 10:17:14 +05:30
ipu treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mediatek dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
ppc4xx treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 7 2019-05-21 11:28:40 +02:00
qcom dmaengine: qcom: hidma_mgmt: Add of_node_put() before goto 2019-08-08 17:56:50 +05:30
sh dmaengine updates for v5.4-rc1 2019-09-17 19:04:40 -07:00
ti dmaengine updates for v5.4-rc1 2019-09-17 19:04:40 -07:00
xilinx dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
acpi-dma.c dmaengine: acpi: Add kernel doc parameter descriptions 2019-08-21 09:41:27 +05:30
altera-msgdma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
amba-pl08x.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
at_hdmac_regs.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
at_hdmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
at_xdmac.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
bcm2835-dma.c dmaengine updates for v5.4-rc1 2019-09-17 19:04:40 -07:00
bcm-sba-raid.c dmaengine: bcm-sba-raid: no need to check return value of debugfs_create functions 2019-06-14 11:14:58 +05:30
coh901318_lli.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
coh901318.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
coh901318.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
dma-axi-dmac.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
dma-jz4780.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
dmaengine.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
dmaengine.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dmatest.c dmaengine: dmatest: Add support for completion polling 2019-09-04 10:14:22 +05:30
ep93xx_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
fsl_raid.c dmaengine: fsl_raid: make of_device_ids const. 2017-06-29 09:25:28 +05:30
fsl_raid.h
fsl-edma-common.c dmaengine: change alignment of mux_configure32 and fsl_edma_chan_mux 2019-08-20 17:09:34 +05:30
fsl-edma-common.h dmaengine: fsl-edma: add i.mx7ulp edma2 version support 2019-08-08 17:54:36 +05:30
fsl-edma.c dmaengine: fsl-edma: implement .device_synchronize callback 2019-08-08 19:01:58 +05:30
fsl-qdma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
fsldma.c dmaengine: fsldma: Mark expected switch fall-through 2019-08-20 19:42:34 -05:00
fsldma.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 40 2019-05-24 17:27:12 +02:00
idma64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
idma64.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
img-mdc-dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
imx-dma.c dmaengine: imx-dma: Mark expected switch fall-through 2019-07-31 20:49:04 +05:30
imx-sdma.c dmaengine: imx-sdma: fix size check for sdma script_number 2019-10-14 13:33:44 +05:30
iop-adma.c dmaengine updates for v5.4-rc1 2019-09-17 19:04:40 -07:00
iop-adma.h dma: iop-adma: allow building without platform headers 2019-08-14 15:36:22 +02:00
k3dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig Main MIPS changes for v5.4: 2019-09-22 09:30:30 -07:00
lpc18xx-dmamux.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile dma: Drop JZ4740 driver 2019-07-30 10:41:53 -07:00
mcf-edma.c dmaengine: fsl-edma: add drvdata for fsl-edma 2019-07-03 13:28:22 +05:30
mic_x100_dma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
mic_x100_dma.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 290 2019-06-05 17:36:38 +02:00
mmp_pdma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mmp_tdma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
moxart-dma.c treewide: Use struct_size() for kmalloc()-family 2018-06-06 11:15:43 -07:00
mpc512x_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 7 2019-05-21 11:28:40 +02:00
mv_xor_v2.c dmaengine: mv_xor_v2: Fix -Wshift-negative-value 2019-08-20 17:06:36 +05:30
mv_xor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
mv_xor.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
mxs-dma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
nbpfaxi.c dmaengine: nbpfaxi: Use dev_get_drvdata() 2019-04-29 10:47:15 +05:30
of-dma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
owl-dma.c dmaengine: owl: Fix warnings generated during build 2018-10-15 22:39:16 +05:30
pch_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
pl330.c dmaengine: pl330: use the same attributes when freeing pl330->mcode_cpu 2019-08-08 18:49:43 +05:30
pxa_dma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
s3c24xx-dma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
sa11x0-dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sirf-dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4 2019-05-21 11:28:40 +02:00
sprd-dma.c dmaengine: sprd: Fix the link-list pointer register configuration issue 2019-10-14 10:32:18 +05:30
st_fdma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
st_fdma.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ste_dma40_ll.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
ste_dma40_ll.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194 2019-05-30 11:29:22 -07:00
ste_dma40.c dmaengine: ste_dma40: fix unneeded variable warning 2019-07-22 20:58:33 +05:30
stm32-dma.c dmaengine: stm32-dma: Use struct_size() helper 2019-09-04 10:25:08 +05:30
stm32-dmamux.c dmaengine: stm32-dmamux: Switch to use device_property_count_u32() 2019-07-29 12:25:21 +05:30
stm32-mdma.c dmaengine updates for v5.4-rc1 2019-09-17 19:04:40 -07:00
sun4i-dma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
sun6i-dma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
tegra20-apb-dma.c dmaengine: tegra-apb: Support per-burst residue granularity 2019-07-25 15:55:51 +05:30
tegra210-adma.c dmaengine: tegra210-adma: fix transfer failure 2019-10-14 12:40:38 +05:30
timb_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
TODO
txx9dmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
txx9dmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
uniphier-mdmac.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
virt-dma.c dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
virt-dma.h dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
xgene-dma.c dmaengine: Remove dev_err() usage after platform_get_irq() 2019-07-31 20:50:53 +05:30
zx_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00