linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-15 09:34:17 +00:00

History

Pierre-Yves MORDRET 3e4543bf20 dmaengine: stm32-dmamux: fix a potential buffer overflow

The bitfield dma_inuse is allocated of size dma_requests bits, thus a
valid bit address is from 0 to (dma_requests - 1).
When find_first_zero_bit() fails, it returns dma_requests as invalid
address.
Using such address for the following set_bit() is incorrect and, if
dma_requests is a multiple of BITS_PER_LONG, it will cause a buffer
overflow.
Currently this driver is only used in DT stm32h743.dtsi where a safe value
dma_requests=16 is not triggering the buffer overflow.

Fixed by checking the return value of find_first_zero_bit() _before_
using it.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>

2018-03-22 10:51:35 +05:30

bestcomm

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

hsu

serial: 8250_mid: handle interrupt correctly in DMA case

2017-01-19 14:20:23 +01:00

ioat

Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu

2018-01-03 14:14:18 +01:00

ipu

dmaengine: ipu: Make sure the interrupt routine checks all interrupts.

2017-01-02 10:48:44 +05:30

ppc4xx

Merge branch 'topic/ppc4xx' into for-linus

2017-09-06 21:54:41 +05:30

qcom

Merge branch 'topic/qcom_hidma' into for-linus

2018-01-31 13:50:40 +05:30

dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3

2018-02-27 20:34:38 +05:30

xilinx

dmaengine: xilinx_dma: Free BD consistent memory

2018-01-08 16:24:50 +05:30

acpi-dma.c

dmaengine: acpi-dma: align debug message with flow

2016-02-22 09:06:09 +05:30

altera-msgdma.c

dmaengine: altera: Use IRQ-safe spinlock calls in the error paths as well

2017-10-20 11:51:10 +05:30

amba-pl08x.c

dmaengine: amba-pl08x: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

at_hdmac_regs.h

dmaengine: at_hdmac: Remove unnecessary 0x prefixes before %pad

2017-11-08 10:47:04 +05:30

at_hdmac.c

dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved

2017-11-29 19:48:17 +05:30

at_xdmac.c

dmaengine: at_xdmac: Handle return value of clk_prepare_enable.

2017-08-21 22:20:44 +05:30

bcm2835-dma.c

dmaengine: bcm2835-dma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

bcm-sba-raid.c

dmaengine: bcm-sba-raid: Use common GPL comment header

2017-10-23 11:35:47 +05:30

coh901318_lli.c

dmaengine: coh901318: use NULL for pointer initialization

2016-09-26 22:28:24 +05:30

coh901318.c

dmaengine: coh901318: Remove unnecessary 0x prefixes before %pad

2017-11-08 10:46:46 +05:30

coh901318.h

dma: coh901318: merge header files

2013-01-07 17:36:37 +01:00

cppi41.c

dmaengine: cppi41: Fix channel queues array size check

2017-12-22 17:47:04 +05:30

dma-axi-dmac.c

dmaengine: axi-dmac: Fix software cyclic mode

2017-09-17 18:58:18 +05:30

dma-jz4740.c

dmaengine: jz4740: disable/unprepare clk if probe fails

2017-12-11 09:00:06 +05:30

dma-jz4780.c

dmaengine: dma-jz4780: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

dmaengine.c

dmaengine: remove BUG_ON while registering devices

2017-08-28 09:39:46 +05:30

dmaengine.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

dmatest.c

dmaengine: dmatest: fix container_of member in dmatest_callback

2018-01-30 12:24:43 +05:30

edma.c

dmaengine: edma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

ep93xx_dma.c

dmaengine: ep93xx: Don't drain the transfers in terminate_all()

2017-05-24 09:52:46 +05:30

fsl_raid.c

dmaengine: fsl_raid: make of_device_ids const.

2017-06-29 09:25:28 +05:30

fsl_raid.h

dmaengine: Driver support for FSL RaidEngine device.

2015-04-02 16:10:27 +05:30

fsl-edma.c

dmaengine: fsl-edma: disable clks on all error paths

2017-12-15 09:53:04 +05:30

fsldma.c

dmaengine: remove DMA_SG as it is dead code in kernel

2017-08-22 09:22:11 +05:30

fsldma.h

dmaengine: fsldma: set BWC, DAHTS and SAHTS values correctly

2017-06-22 18:31:35 +05:30

idma64.c

dmaengine: idma64: clear LLP_[SD]_EN bits in last descriptor

2016-02-15 22:06:45 +05:30

idma64.h

asm-generic changes for 4.6

2016-03-24 23:13:48 -07:00

img-mdc-dma.c

dmaengine: img-mdc-dma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

imx-dma.c

ARM: 8745/1: get rid of __memzero()

2018-01-21 15:37:56 +00:00

imx-sdma.c

dmaengine: imx-sdma: Add MODULE_FIRMWARE

2017-12-22 17:35:44 +05:30

iop-adma.c

dmaengine: iop-adma: convert callback to helper function

2016-08-08 08:11:39 +05:30

k3dma.c

dmaengine: k3dma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

Kconfig

Merge branch 'topic/sprd' into for-linus

2017-11-14 10:36:09 +05:30

lpc18xx-dmamux.c

dmaengine: add driver for lpc18xx dmamux

2015-08-18 22:12:14 +05:30

Makefile

dmaengine updates for 4.15-rc1

2017-11-14 16:49:31 -08:00

mic_x100_dma.c

dmaengine: mic_x100_dma: Use PTR_ERR_OR_ZERO()

2017-12-04 22:40:38 +05:30

mic_x100_dma.h

dmaengine: Add an enum for the dmaengine alignment constraints

2015-08-05 10:53:52 +05:30

mmp_pdma.c

dmaengine: mmp_pdma: convert callback to helper function

2016-08-08 08:11:39 +05:30

mmp_tdma.c

Merge branch 'topic/err_reporting' into for-linus

2016-10-03 09:17:33 +05:30

moxart-dma.c

dmaengine: moxart: remove NO_IRQ

2016-09-05 16:40:52 +05:30

mpc512x_dma.c

Merge branch 'topic/err_reporting' into for-linus

2016-10-03 09:17:33 +05:30

mv_xor_v2.c

dmaengine: mv_xor_v2: Fix clock resource by adding a register clock

2018-03-11 20:33:27 +05:30

mv_xor.c

dmaengine: remove DMA_SG as it is dead code in kernel

2017-08-22 09:22:11 +05:30

mv_xor.h

dmaengine: mv_xor: Add support for scatter-gather DMA mode

2016-11-25 11:16:36 +05:30

mxs-dma.c

dmaengine: mxs: Use %zu for printing a size_t variable

2017-06-15 09:44:45 +05:30

nbpfaxi.c

dmaengine: nbpfaxi: Use of_device_get_match_data() helper

2017-10-12 22:20:51 +05:30

of-dma.c

dmaengine: Convert to using %pOF instead of full_name

2017-07-19 09:30:44 +05:30

omap-dma.c

dmaengine: omap-dma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

pch_dma.c

dmaengine: pch_dma: Replace PCI pool old API

2017-10-31 17:01:06 +05:30

pl330.c

dmaengine: pl330: fix descriptor allocation fail

2017-10-20 11:46:45 +05:30

pxa_dma.c

Revert "dmaengine: pxa_dma: add support for legacy transition"

2016-10-18 20:14:32 +05:30

s3c24xx-dma.c

dmaengine: s3c24xx-dma: Use vchan_terminate_vdesc() instead of desc_free

2017-12-04 22:33:51 +05:30

sa11x0-dma.c

dmaengine: sa11x0: add DMA filters

2017-09-27 16:11:51 +05:30

sirf-dma.c

dmaengine: sirf-dma: remove unused ‘sdesc’

2016-12-12 22:25:22 +05:30

sprd-dma.c

dmaengine: sprd: statify 'sprd_dma_prep_dma_memcpy'

2018-01-15 11:33:11 +05:30

st_fdma.c

dmaengine: st_fdma: Fix the error return code in st_fdma_probe()

2016-10-19 22:29:33 +05:30

st_fdma.h

dmaengine: st_fdma: Add STMicroelectronics FDMA driver header file

2016-10-18 20:12:06 +05:30

ste_dma40_ll.c

dmaengine: ste_dma40_ll: make d40_width_to_bits static

2016-06-08 08:59:55 +05:30

ste_dma40_ll.h

dmaengine: ste_dma40: Remove unnecessary call to d40_phy_cfg()

2013-05-23 21:13:19 +02:00

ste_dma40.c

Merge branch 'topic/dmatest' into for-linus

2017-09-06 21:55:10 +05:30

stm32-dma.c

dmaengine: stm32-dma: fix up error dev_err message

2017-03-06 10:41:24 +05:30

stm32-dmamux.c

dmaengine: stm32-dmamux: fix a potential buffer overflow

2018-03-22 10:51:35 +05:30

stm32-mdma.c

dmaengine: stm32_mdma: activate pack/unpack feature

2017-11-08 10:49:53 +05:30

sun4i-dma.c

dmaengine: sun4i: fix invalid argument

2017-04-24 09:50:05 +05:30

sun6i-dma.c

dmaengine: sun6i: Retrieve channel count/max request from devicetree

2017-10-23 11:44:03 +05:30

tegra20-apb-dma.c

dmaengine: tegra-apb: Support non-flow controlled slave configuration

2017-11-29 19:35:05 +05:30

tegra210-adma.c

dmaengine: tegra210-adma: fix of_irq_get() error check

2017-08-09 11:39:16 +05:30

ti-dma-crossbar.c

dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63

2017-12-22 17:48:07 +05:30

timb_dma.c

dmaengine: timb_dma: fix spelling mistake: "Couldnt" -> "Couldn't"

2017-12-11 08:57:38 +05:30

TODO

dmaengine: dw: don't perform DMA when dmaengine_submit is called

2014-07-15 22:14:30 +05:30

txx9dmac.c

dmaengine: txx9dmac: convert callback to helper function

2016-08-08 08:11:41 +05:30

txx9dmac.h

MIPS: Replace MIPS-specific 64BIT_PHYS_ADDR with generic PHYS_ADDR_T_64BIT

2014-11-24 22:46:44 +01:00

virt-dma.c

dmaengine: virt-dma: Add helper to free/reuse a descriptor

2017-12-04 22:33:51 +05:30

virt-dma.h

dmaengine: virt-dma: Support for race free transfer termination

2017-12-04 22:33:51 +05:30

xgene-dma.c

dmaengine: xgene-dma: remove unused xgene_dma_invalidate_buffer

2017-08-22 22:13:44 +05:30

zx_dma.c

dmaengine: zx: fix build warning

2017-01-25 15:33:45 +05:30