From dc00fb8fa54c037b06f9830a9ee627836dfa8f40 Mon Sep 17 00:00:00 2001 From: Lin Bai Date: Fri, 4 Aug 2017 14:26:18 +0800 Subject: [PATCH] qcacld-3.0: Kernel crash as incorrect DMA buffer size When HTT attached, driver allocates DMA buffer to record each RX ring entry, with element size - target_paddr_t, which is bus size, and may be different from kernel's physical address size. While in htt_rx_detach, size of qdf_dma_addr_t used for buffer free. In case kernel built as 64-bit, and bus size as default 32-bit, it will crash when free. Use same element size to avoid it. CRs-Fixed: 2087592 Change-Id: Iabe95f92ea82b736213a8b81453163229b2a3a3b --- core/dp/htt/htt_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/dp/htt/htt_rx.c b/core/dp/htt/htt_rx.c index 31aa5fd0f3..f76026e6bd 100644 --- a/core/dp/htt/htt_rx.c +++ b/core/dp/htt/htt_rx.c @@ -699,7 +699,7 @@ void htt_rx_detach(struct htt_pdev_t *pdev) memctx)); qdf_mem_free_consistent(pdev->osdev, pdev->osdev->dev, - pdev->rx_ring.size * sizeof(qdf_dma_addr_t), + pdev->rx_ring.size * sizeof(target_paddr_t), pdev->rx_ring.buf.paddrs_ring, pdev->rx_ring.base_paddr, qdf_get_dma_mem_context((&pdev->rx_ring.buf),