usb: udc: core: Error if req->buf is either from vmalloc or stack

Check that req->buf is a valid DMA capable address, produce a warning
and return an error if it's either coming from vmalloc space or is an on
stack buffer.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c
index efce68e9a8e038557bdc36c8263bad03cef7e108..a03aec574f64a1375be3ccad9a8cc2a5dbe3913d 100644 (file)
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -23,6 +23,7 @@
 #include <linux/list.h>
 #include <linux/err.h>
 #include <linux/dma-mapping.h>
+#include <linux/sched/task_stack.h>
 #include <linux/workqueue.h>
 
 #include <linux/usb/ch9.h>
@@ -798,6 +799,14 @@ int usb_gadget_map_request_by_dev(struct device *dev,
 
                req->num_mapped_sgs = mapped;
        } else {
+               if (is_vmalloc_addr(req->buf)) {
+                       dev_err(dev, "buffer is not dma capable\n");
+                       return -EFAULT;
+               } else if (object_is_on_stack(req->buf)) {
+                       dev_err(dev, "buffer is on stack\n");
+                       return -EFAULT;
+               }
+
                req->dma = dma_map_single(dev, req->buf, req->length,
                                is_in ? DMA_TO_DEVICE : DMA_FROM_DEVICE);