From: Shravya Kumbham <shravya.kumbham@xxxxxxxxxx> In zynqmp_dma_alloc_chan_resources function there is a potential overflow in the below expression. desc->src_p = chan->desc_pool_p + (i * ZYNQMP_DMA_DESC_SIZE(chan*2); The macro ZYNQMP_DMA_DESC_SIZE and variable i are 32-bit. Though this overflow condition is not observed but it is a potential problem in the case of 32-bit multiplication. Hence fix it by using typecast. Addresses-Coverity: Event overflow_before_widen. Signed-off-by: Shravya Kumbham <shravya.kumbham@xxxxxxxxxx> Reviewed-by: Radhey Shyam Pandey <radhey.shyam.pandey@xxxxxxxxxx> --- drivers/dma/xilinx/zynqmp_dma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c index 2d0eba25739d..d28b9ffb4309 100644 --- a/drivers/dma/xilinx/zynqmp_dma.c +++ b/drivers/dma/xilinx/zynqmp_dma.c @@ -502,7 +502,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan) (i * ZYNQMP_DMA_DESC_SIZE(chan) * 2)); desc->dst_v = (struct zynqmp_dma_desc_ll *) (desc->src_v + 1); desc->src_p = chan->desc_pool_p + - (i * ZYNQMP_DMA_DESC_SIZE(chan) * 2); + ((dma_addr_t)i * ZYNQMP_DMA_DESC_SIZE(chan) + * 2); desc->dst_p = desc->src_p + ZYNQMP_DMA_DESC_SIZE(chan); } -- 2.17.1
