dd65a18b20
commit dfef01e150824b0e6da750cacda8958188d29aea upstream. snd_dma_alloc_pages_fallback() tries to allocate pages again when the allocation fails with reduced size. But the first try actually *increases* the size to power-of-two, which may give back a larger chunk than the requested size. This confuses the callers, e.g. sgbuf assumes that the size is equal or less, and it may result in a bad loop due to the underflow and eventually lead to Oops. The code of this function seems incorrectly assuming the usage of get_order(). We need to decrease at first, then align to power-of-two. Reported-and-tested-by: he, bo <bo.he@intel.com> Reported-by: zhang jun <jun.zhang@intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| oss | ||
| seq | ||
| compress_offload.c | ||
| control_compat.c | ||
| control.c | ||
| ctljack.c | ||
| device.c | ||
| hrtimer.c | ||
| hwdep_compat.c | ||
| hwdep.c | ||
| info_oss.c | ||
| info.c | ||
| init.c | ||
| isadma.c | ||
| jack.c | ||
| Kconfig | ||
| Makefile | ||
| memalloc.c | ||
| memory.c | ||
| misc.c | ||
| pcm_compat.c | ||
| pcm_dmaengine.c | ||
| pcm_drm_eld.c | ||
| pcm_iec958.c | ||
| pcm_lib.c | ||
| pcm_memory.c | ||
| pcm_misc.c | ||
| pcm_native.c | ||
| pcm_timer.c | ||
| pcm_trace.h | ||
| pcm.c | ||
| rawmidi_compat.c | ||
| rawmidi.c | ||
| rtctimer.c | ||
| sgbuf.c | ||
| sound_oss.c | ||
| sound.c | ||
| timer_compat.c | ||
| timer.c | ||
| vmaster.c | ||