mtk-sd: Prevent memory corruption from DMA map failure

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If msdc_prepare_data() fails to map the DMA region, the request is
not prepared for data receiving, but msdc_start_data() proceeds
the DMA with previous setting.
Since this will lead a memory corruption, we have to stop the
request operation soon after the msdc_prepare_data() fails to
prepare it.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes: 208489032bdd ("mmc: mediatek: Add Mediatek MMC driver")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/174972756982.3337526.6755001617701603082.stgit@mhiramat.tok.corp.google.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

authored by

Masami Hiramatsu (Google) and committed by

Ulf Hansson 9 months ago f5de4699 539d8057

+16 -1

1 changed file

expand all

drivers

mmc

host

mtk-sd.c

+16 -1

drivers/mmc/host/mtk-sd.c

··· 853 853 } 854 854 } 855 855 856 + static bool msdc_data_prepared(struct mmc_data *data) 857 + { 858 + return data->host_cookie & MSDC_PREPARE_FLAG; 859 + } 860 + 856 861 static void msdc_unprepare_data(struct msdc_host *host, struct mmc_data *data) 857 862 { 858 863 if (data->host_cookie & MSDC_ASYNC_FLAG) ··· 1489 1484 WARN_ON(!host->hsq_en && host->mrq); 1490 1485 host->mrq = mrq; 1491 1486 1492 - if (mrq->data) 1487 + if (mrq->data) { 1493 1488 msdc_prepare_data(host, mrq->data); 1489 + if (!msdc_data_prepared(mrq->data)) { 1490 + /* 1491 + * Failed to prepare DMA area, fail fast before 1492 + * starting any commands. 1493 + */ 1494 + mrq->cmd->error = -ENOSPC; 1495 + mmc_request_done(mmc_from_priv(host), mrq); 1496 + return; 1497 + } 1498 + } 1494 1499 1495 1500 /* if SBC is required, we have HW option and SW option. 1496 1501 * if HW option is enabled, and SBC does not have "special" flags,