Re: [PATCH 1/2] mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 11 Jul 2024 at 10:18, Bastien Curutchet
<bastien.curutchet@xxxxxxxxxxx> wrote:
>
> No check is done on the size of the data to be transmiited. This causes
> a kernel panic when this size exceeds the sg_miter's length.
>
> Limit the number of transmitted bytes to sgm->length.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: ed01d210fd91 ("mmc: davinci_mmc: Use sg_miter for PIO")
> Signed-off-by: Bastien Curutchet <bastien.curutchet@xxxxxxxxxxx>

Applied for fixes, thanks!

Kind regards
Uffe


> ---
>  drivers/mmc/host/davinci_mmc.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/drivers/mmc/host/davinci_mmc.c b/drivers/mmc/host/davinci_mmc.c
> index d7427894e0bc..c302eb380e42 100644
> --- a/drivers/mmc/host/davinci_mmc.c
> +++ b/drivers/mmc/host/davinci_mmc.c
> @@ -224,6 +224,9 @@ static void davinci_fifo_data_trans(struct mmc_davinci_host *host,
>         }
>         p = sgm->addr;
>
> +       if (n > sgm->length)
> +               n = sgm->length;
> +
>         /* NOTE:  we never transfer more than rw_threshold bytes
>          * to/from the fifo here; there's no I/O overlap.
>          * This also assumes that access width( i.e. ACCWD) is 4 bytes
> --
> 2.45.0
>




[Index of Archives]     [Linux Memonry Technology]     [Linux USB Devel]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux