can: mcba_usb_start(): add missing urb->transfer_dma initialization
stable inclusion from stable-v4.19.201 commit ab9597bc0fa772d478fb02b10a7b10b2887b3736 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4I3 CVE: CVE-2021-47231 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ab9597bc0fa772d478fb02b10a7b10b2887b3736 -------------------------------- commit fc43fb69 upstream. Yasushi reported, that his Microchip CAN Analyzer stopped working since commit 91c02557 ("can: mcba_usb: fix memory leak in mcba_usb"). The problem was in missing urb->transfer_dma initialization. In my previous patch to this driver I refactored mcba_usb_start() code to avoid leaking usb coherent buffers. To archive it, I passed local stack variable to usb_alloc_coherent() and then saved it to private array to correctly free all coherent buffers on ->close() call. But I forgot to initialize urb->transfer_dma with variable passed to usb_alloc_coherent(). All of this was causing device to not work, since dma addr 0 is not valid and following log can be found on bug report page, which points exactly to problem described above. | DMAR: [DMA Write] Request device [00:14.0] PASID ffffffff fault addr 0 [fault reason 05] PTE Write access is not set Fixes: 91c02557 ("can: mcba_usb: fix memory leak in mcba_usb") Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990850 Link: https://lore.kernel.org/r/20210725103630.23864-1-paskripkin@gmail.com Cc: linux-stable <stable@vger.kernel.org> Reported-by:Yasushi SHOJI <yasushi.shoji@gmail.com> Signed-off-by:
Loading
Please sign in to comment