On 14-10-19, 13:32, Vinod Koul wrote: > On 24-09-19, 09:49, Robin Gong wrote: > > Illegal memory will be touch if SDMA_SCRIPT_ADDRS_ARRAY_SIZE_V3 > > (41) exceed the size of structure sdma_script_start_addrs(40), > > thus cause memory corrupt such as slob block header so that kernel > > trap into while() loop forever in slob_free(). Please refer to below > > code piece in imx-sdma.c: > > for (i = 0; i < sdma->script_number; i++) > > if (addr_arr[i] > 0) > > saddr_arr[i] = addr_arr[i]; /* memory corrupt here */ > > That issue was brought by commit a572460be9cf ("dmaengine: imx-sdma: Add > > support for version 3 firmware") because SDMA_SCRIPT_ADDRS_ARRAY_SIZE_V3 > > (38->41 3 scripts added) not align with script number added in > > sdma_script_start_addrs(2 scripts). > > Applied, thanks And after applying I noticed the patch title is not apt. The patch title should reflect the change and not the cause or result. So I have modified the title to: "dmaengine: imx-sdma: fix size check for sdma script_number" Thanks -- ~Vinod