On Tue, Apr 25, 2017 at 07:25:49PM +0100, Catalin Marinas wrote:
> On Tue, Apr 25, 2017 at 07:22:23PM +0100, Catalin Marinas wrote:
> > The dma_common_pages_remap() function allocates a vm_struct object and
> > initialises the pages pointer to value passed as argument. However, when
> > this function is called dma_common_contiguous_remap(), the pages array
> > is only temporarily allocated, being freed shortly after
> > dma_common_contiguous_remap() returns. Architecture code checking the
> > validity of an area->pages pointer would incorrectly dereference already
> > freed pointers. This has been exposed by the arm64 commit 44176bb38fa4
> > ("arm64: Add support for DMA_ATTR_FORCE_CONTIGUOUS to IOMMU").
> >
> > Fixes: 513510ddba96 ("common: dma-mapping: introduce common remapping
> > functions")
> > Cc: Laura Abbott <[email protected]>
> > Cc: Greg Kroah-Hartman <[email protected]>
> > Reported-by: Andrzej Hajda <[email protected]>
> > Signed-off-by: Catalin Marinas <[email protected]>
>
> Small correction on the subject, the prefix should be something like:
>
> drivers: dma-mapping:
>
> It's not an arm64 patch.
If you want to take it through your tree:
Acked-by: Greg Kroah-Hartman <[email protected]>
otherwise feel free to resend it with a fixed subject line and I can
take it :)
thanks,
greg k-h
