Commit 3318b2362bf0528be77123c480249663557dfbfc
Committed by
Marcel Holtmann
Marcel Holtmann
1 parent
9374253ffe
Exists in
master
and in
4 other branches
Bluetooth: Fix incorrect alignment in Marvell BT-over-SDIO driver
The driver uses "u32" for alignment check and calculation which works only on 32-bit system. It will crash the 64-bit system. Replace "u32" with "unsigned long" to fix this issue. Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Showing 2 changed files with 9 additions and 6 deletions Side-by-side Diff
drivers/bluetooth/btmrvl_sdio.c
| ... | ... | @@ -481,12 +481,14 @@ |
| 481 | 481 | goto exit; |
| 482 | 482 | } |
| 483 | 483 | |
| 484 | - if ((u32) skb->data & (BTSDIO_DMA_ALIGN - 1)) { | |
| 485 | - skb_put(skb, (u32) skb->data & (BTSDIO_DMA_ALIGN - 1)); | |
| 486 | - skb_pull(skb, (u32) skb->data & (BTSDIO_DMA_ALIGN - 1)); | |
| 484 | + if ((unsigned long) skb->data & (BTSDIO_DMA_ALIGN - 1)) { | |
| 485 | + skb_put(skb, (unsigned long) skb->data & | |
| 486 | + (BTSDIO_DMA_ALIGN - 1)); | |
| 487 | + skb_pull(skb, (unsigned long) skb->data & | |
| 488 | + (BTSDIO_DMA_ALIGN - 1)); | |
| 487 | 489 | } |
| 488 | 490 | |
| 489 | - payload = skb->tail; | |
| 491 | + payload = skb->data; | |
| 490 | 492 | |
| 491 | 493 | ret = sdio_readsb(card->func, payload, card->ioport, |
| 492 | 494 | buf_block_len * blksz); |
| ... | ... | @@ -773,7 +775,7 @@ |
| 773 | 775 | } |
| 774 | 776 | |
| 775 | 777 | buf = payload; |
| 776 | - if ((u32) payload & (BTSDIO_DMA_ALIGN - 1)) { | |
| 778 | + if ((unsigned long) payload & (BTSDIO_DMA_ALIGN - 1)) { | |
| 777 | 779 | tmpbufsz = ALIGN_SZ(nb, BTSDIO_DMA_ALIGN); |
| 778 | 780 | tmpbuf = kmalloc(tmpbufsz, GFP_KERNEL); |
| 779 | 781 | memset(tmpbuf, 0, tmpbufsz); |
drivers/bluetooth/btmrvl_sdio.h