mt76: fix potential DMA mapping leak
With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap
could potentially inherit a non-zero value from stack garbage.
If this happens, it will cause DMA mappings for MCU command frames to not be
unmapped after completion

Fixes: 27d5c528a7ca ("mt76: fix double DMA unmap of the first buffer on 7615/7915")
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nbd168 committed Mar 23, 2021
1 parent be2f67e commit 09a1bef
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion dma.c
Expand Up @@ -318,7 +318,7 @@ static int
mt76_dma_tx_queue_skb_raw(struct mt76_dev *dev, struct mt76_queue *q,
struct sk_buff *skb, u32 tx_info)
{
struct mt76_queue_buf buf;
struct mt76_queue_buf buf = {};
dma_addr_t addr;

if (q->queued + 1 >= q->ndesc - 1)
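Review bot: The zero-initialization at `struct mt76_queue_buf buf = {};` is what guarantees skip_unmap starts cleared, but nothing at the declaration says so, and a later cleanup could drop the initializer as redundant. Consider a one-line comment at the declaration noting that skip_unmap must be zero for the unmap on completion to happen. Since the commit message attributes the leak to stack garbage in an on-stack struct mt76_queue_buf, it would also be worth confirming in this patch or a follow-up that no other on-stack instance of the struct in dma.c is left partially initialized.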