Re: [PATCH] USB: whci-hcd: add more checks for dma mapping error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 25.03.2016 22:23, Alexey Khoroshilov wrote:
> Fixing checks for dma mapping error in qset_fill_page_list(),
> I have missed two similar problems in qset_add_urb_sg() and
> in qset_add_urb_sg_linearize().
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
> ---
>  drivers/usb/host/whci/qset.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/host/whci/qset.c b/drivers/usb/host/whci/qset.c
> index 1a8e960d073b..a8e9b618e643 100644
> --- a/drivers/usb/host/whci/qset.c
> +++ b/drivers/usb/host/whci/qset.c
> @@ -535,9 +535,11 @@ static int qset_add_urb_sg(struct whc *whc, struct whc_qset *qset, struct urb *u
>  	list_for_each_entry(std, &qset->stds, list_node) {
>  		if (std->ntds_remaining == -1) {
>  			pl_len = std->num_pointers * sizeof(struct whc_page_list_entry);
> -			std->ntds_remaining = ntds--;
>  			std->dma_addr = dma_map_single(whc->wusbhc.dev, std->pl_virt,
>  						       pl_len, DMA_TO_DEVICE);
> +			if (dma_mapping_error(whc->wusbhc.dev, std->dma_addr))
> +				return -EFAULT;

Resources are leaked on error path:
* std->pl_virt  -- most probably, at least it is freed on error path above,
* dma mappings done in a loop before met error,

> +			std->ntds_remaining = ntds--;
>  		}
>  	}
>  	return 0;
> @@ -618,6 +620,8 @@ static int qset_add_urb_sg_linearize(struct whc *whc, struct whc_qset *qset,
>  
>  		std->dma_addr = dma_map_single(&whc->umc->dev, std->bounce_buf, std->len,
>  					       is_out ? DMA_TO_DEVICE : DMA_FROM_DEVICE);
> +		if (dma_mapping_error(&whc->umc->dev, std->dma_addr))
> +			return -EFAULT;
>  
>  		if (qset_fill_page_list(whc, std, mem_flags) < 0)
>  			return -ENOMEM;
> 


--
With best wishes,
Vladimir
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux