dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type - pm24.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>	2022-05-10 12:42:40 +0530
committer	Vinod Koul <vkoul@kernel.org>	2022-05-16 18:21:47 +0530
commit	f9a9f43a62a04ec3183fb0da9226c7706eed0115 (patch)
tree	060b6b7d3631b3a50b99fe77e41b2df5b50ebcc3 /kernel
parent	4734afb0d5ed3e56494ca6f28e51bafafef4c6aa (diff)

dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type

In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL); dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p); The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though this overflow condition is not observed but it is a potential problem in the case of 32-bit multiplication. Hence fix it by changing the desc_size data type to size_t. In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in dma_alloc_coherent API argument. Addresses-Coverity: Event overflow_before_widen. Signed-off-by: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com> Link: https://lore.kernel.org/r/1652166762-18317-2-git-send-email-radhey.shyam.pandey@xilinx.com Signed-off-by: Vinod Koul <vkoul@kernel.org>

Diffstat (limited to 'kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: