Hello Sinan Kaya,

The patch 7f8f209fd6e0: "dmaengine: add Qualcomm Technologies HIDMA management driver" from Feb 4, 2016, leads to the following Smatch static checker warning:

	drivers/dma/qcom/hidma_mgmt.c:101 hidma_mgmt_setup()
	warn: uncapped user loop index 'i'

drivers/dma/qcom/hidma_mgmt.c
     91          }
     92
     93          if (mgmtdev->max_rd_xactions > HIDMA_MAX_RD_XACTIONS_MASK) {
     94                  dev_err(&mgmtdev->pdev->dev,
     95                          "max_rd_xactions cannot be bigger than %ld\n",
     96                          HIDMA_MAX_RD_XACTIONS_MASK);
     97                  return -EINVAL;
     98          }
     99
    100          for (i = 0; i < mgmtdev->dma_channels; i++) {
--> 101                  if (mgmtdev->priority[i] > 1) {
                             ^^^^^^^^^^^^^^^^^^^^
The sysfs interface lets userspace set mgmtdev->dma_channels, so this is an array out-of-bounds access. The setter is in hidma_mgmt_sys.c: set_dma_channels() stores the new value in mdev->dma_channels before it calls hidma_mgmt_setup() and only restores the old value after that call has returned an error, so the loop on line 100 already runs with the unchecked count. The value needs to be checked against the size of the priority[] array before it is used as the loop bound.

drivers/dma/qcom/hidma_mgmt_sys.c
     26  #define IMPLEMENT_GETSET(name)                                  \
     27  static int get_##name(struct hidma_mgmt_dev *mdev)              \
     28  {                                                               \
     29          return mdev->name;                                      \
     30  }                                                               \
     31  static int set_##name(struct hidma_mgmt_dev *mdev, u64 val)     \
     32  {                                                               \
     33          u64 tmp;                                                \
     34          int rc;                                                 \
     35                                                                  \
     36          tmp = mdev->name;                                       \
     37          mdev->name = val;                                       \
     38          rc = hidma_mgmt_setup(mdev);                            \
     39          if (rc)                                                 \
     40                  mdev->name = tmp;                               \
     41          return rc;                                              \
     42  }
     43
     44  #define DECLARE_ATTRIBUTE(name, mode)                           \
     45          {#name, mode, get_##name, set_##name}
     46
     47  IMPLEMENT_GETSET(hw_version_major)
     48  IMPLEMENT_GETSET(hw_version_minor)
     49  IMPLEMENT_GETSET(max_wr_xactions)
     50  IMPLEMENT_GETSET(max_rd_xactions)
     51  IMPLEMENT_GETSET(max_write_request)
     52  IMPLEMENT_GETSET(max_read_request)
     53  IMPLEMENT_GETSET(dma_channels)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     54  IMPLEMENT_GETSET(chreset_timeout_cycles)

regards,
dan carpenter