During memcpy operations the residue was always set to an u32 overflowed
value.
In pl330_tx_status() function number of currently transferred bytes was
subtracted from internal "bytes_requested" field. However this
"bytes_requested" was not initialized at start to length of memcpy
buffer so transferred bytes were subtracted from 0 causing overflow.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@xxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Fixes: aee4d1fac887 ("dmaengine: pl330: improve pl330_tx_status() function")
---
drivers/dma/pl330.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
index f513f77b1d85..c535cd059724 100644
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -2623,6 +2623,7 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dst,
desc->rqcfg.brst_len = 1;
desc->rqcfg.brst_len = get_burst_len(desc, len);
+ desc->bytes_requested = len;
desc->txd.flags = flags;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe dmaengine" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
