[PATCH 2/4] dmaengine: zynqmp_dma: Typecast the variable with dma_addr_t to handle overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Shravya Kumbham <shravya.kumbham@xxxxxxxxxx>

In zynqmp_dma_alloc_chan_resources function there is a potential
overflow in the below expression.

desc->src_p = chan->desc_pool_p + (i * ZYNQMP_DMA_DESC_SIZE(chan*2);

The macro ZYNQMP_DMA_DESC_SIZE and variable i are 32-bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by using typecast.

Addresses-Coverity: Event overflow_before_widen.
Signed-off-by: Shravya Kumbham <shravya.kumbham@xxxxxxxxxx>
Reviewed-by: Radhey Shyam Pandey <radhey.shyam.pandey@xxxxxxxxxx>
---
 drivers/dma/xilinx/zynqmp_dma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index 2d0eba25739d..d28b9ffb4309 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -502,7 +502,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan)
 					(i * ZYNQMP_DMA_DESC_SIZE(chan) * 2));
 		desc->dst_v = (struct zynqmp_dma_desc_ll *) (desc->src_v + 1);
 		desc->src_p = chan->desc_pool_p +
-				(i * ZYNQMP_DMA_DESC_SIZE(chan) * 2);
+				((dma_addr_t)i * ZYNQMP_DMA_DESC_SIZE(chan)
+				 * 2);
 		desc->dst_p = desc->src_p + ZYNQMP_DMA_DESC_SIZE(chan);
 	}
 
-- 
2.17.1




[Index of Archives]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux PCI]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux