diff mbox series

dmaengine: qcom-adm: fix wrong sizeof config in slave_config

Message ID 20220915204844.3838-1-ansuelsmth@gmail.com
State Accepted
Commit 7c8765308371be30f50c1b5b97618b731514b207
Headers show
Series dmaengine: qcom-adm: fix wrong sizeof config in slave_config | expand

Commit Message

Christian Marangi Sept. 15, 2022, 8:48 p.m. UTC
Fix broken slave_config function that uncorrectly compare the
peripheral_size with the size of the config pointer instead of the size
of the config struct. This cause the crci value to be ignored and cause
a kernel panic on any slave that use adm driver.

To fix this, compare to the size of the struct and NOT the size of the
pointer.

Fixes: 03de6b273805 ("dmaengine: qcom-adm: stop abusing slave_id config")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.17+
---
 drivers/dma/qcom/qcom_adm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Arnd Bergmann Sept. 16, 2022, 12:20 p.m. UTC | #1
On Thu, Sep 15, 2022, at 10:48 PM, Christian Marangi wrote:
> Fix broken slave_config function that uncorrectly compare the
> peripheral_size with the size of the config pointer instead of the size
> of the config struct. This cause the crci value to be ignored and cause
> a kernel panic on any slave that use adm driver.
>
> To fix this, compare to the size of the struct and NOT the size of the
> pointer.
>
> Fixes: 03de6b273805 ("dmaengine: qcom-adm: stop abusing slave_id config")
> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
> Cc: stable@vger.kernel.org # v5.17+

Thanks for the fix,

Reviewed-by: Arnd Bergmann <arnd@arndb.de>

I guess this worked on 64-bit by accident, since both the pointer
and the struct are 8 bytes, but it was clearly wrong and broke
32-bit.

     Arnd
Vinod Koul Sept. 29, 2022, 4:43 p.m. UTC | #2
On 15-09-22, 22:48, Christian Marangi wrote:
> Fix broken slave_config function that uncorrectly compare the
> peripheral_size with the size of the config pointer instead of the size
> of the config struct. This cause the crci value to be ignored and cause
> a kernel panic on any slave that use adm driver.
> 
> To fix this, compare to the size of the struct and NOT the size of the
> pointer.

Applied, thanks
diff mbox series

Patch

diff --git a/drivers/dma/qcom/qcom_adm.c b/drivers/dma/qcom/qcom_adm.c
index facdacf8aede..c77d9de853de 100644
--- a/drivers/dma/qcom/qcom_adm.c
+++ b/drivers/dma/qcom/qcom_adm.c
@@ -494,7 +494,7 @@  static int adm_slave_config(struct dma_chan *chan, struct dma_slave_config *cfg)
 
 	spin_lock_irqsave(&achan->vc.lock, flag);
 	memcpy(&achan->slave, cfg, sizeof(struct dma_slave_config));
-	if (cfg->peripheral_size == sizeof(config))
+	if (cfg->peripheral_size == sizeof(*config))
 		achan->crci = config->crci;
 	spin_unlock_irqrestore(&achan->vc.lock, flag);