Skip to content

Commit dd08a8d

Browse files
raymond pangaxboe
raymond pang
authored and
axboe
committed
libata: fix using DMA buffers on stack
When CONFIG_VMAP_STACK=y, __pa() returns incorrect physical address for a stack virtual address. Stack DMA buffers must be avoided. Signed-off-by: raymond pang <raymondpangxd@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 parent 9bf7933 commit dd08a8d

File tree

1 file changed

+24
-10
lines changed

1 file changed

+24
-10
lines changed

drivers/ata/libata-zpodd.c

Lines changed: 24 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -52,38 +52,52 @@ static int eject_tray(struct ata_device *dev)
5252
/* Per the spec, only slot type and drawer type ODD can be supported */
5353
static enum odd_mech_type zpodd_get_mech_type(struct ata_device *dev)
5454
{
55-
char buf[16];
55+
char *buf;
5656
unsigned int ret;
57-
struct rm_feature_desc *desc = (void *)(buf + 8);
57+
struct rm_feature_desc *desc;
5858
struct ata_taskfile tf;
5959
static const char cdb[] = { GPCMD_GET_CONFIGURATION,
6060
2, /* only 1 feature descriptor requested */
6161
0, 3, /* 3, removable medium feature */
6262
0, 0, 0,/* reserved */
63-
0, sizeof(buf),
63+
0, 16,
6464
0, 0, 0,
6565
};
6666

67+
buf = kzalloc(16, GFP_KERNEL);
68+
if (!buf)
69+
return ODD_MECH_TYPE_UNSUPPORTED;
70+
desc = (void *)(buf + 8);
71+
6772
ata_tf_init(dev, &tf);
6873
tf.flags = ATA_TFLAG_ISADDR | ATA_TFLAG_DEVICE;
6974
tf.command = ATA_CMD_PACKET;
7075
tf.protocol = ATAPI_PROT_PIO;
71-
tf.lbam = sizeof(buf);
76+
tf.lbam = 16;
7277

7378
ret = ata_exec_internal(dev, &tf, cdb, DMA_FROM_DEVICE,
74-
buf, sizeof(buf), 0);
75-
if (ret)
79+
buf, 16, 0);
80+
if (ret) {
81+
kfree(buf);
7682
return ODD_MECH_TYPE_UNSUPPORTED;
83+
}
7784

78-
if (be16_to_cpu(desc->feature_code) != 3)
85+
if (be16_to_cpu(desc->feature_code) != 3) {
86+
kfree(buf);
7987
return ODD_MECH_TYPE_UNSUPPORTED;
88+
}
8089

81-
if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1)
90+
if (desc->mech_type == 0 && desc->load == 0 && desc->eject == 1) {
91+
kfree(buf);
8292
return ODD_MECH_TYPE_SLOT;
83-
else if (desc->mech_type == 1 && desc->load == 0 && desc->eject == 1)
93+
} else if (desc->mech_type == 1 && desc->load == 0 &&
94+
desc->eject == 1) {
95+
kfree(buf);
8496
return ODD_MECH_TYPE_DRAWER;
85-
else
97+
} else {
98+
kfree(buf);
8699
return ODD_MECH_TYPE_UNSUPPORTED;
100+
}
87101
}
88102

89103
/* Test if ODD is zero power ready by sense code */

0 commit comments

Comments
 (0)