Le 27/05/2023 à 09:32, Christophe JAILLET a écrit :
Then, this number of item is stored in 'mcf_edma->n_chans'.
A few lines later, if 'mcf_edma->n_chans' is 0, then a default value of 64
is set.
This ends to no space allocated by devm_kzalloc() because chans was 0, but
64 items are read and/or written in some not allocated memory.
Change the logic to define a default value before allocating the memory.
Fixes: e7a3ff92eaf1 ("dmaengine: fsl-edma: add ColdFire mcf5441x edma support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
If I'm correct, then:
- the default value is hard-coded as 64. There is also a
#define EDMA_CHANNELS 64
which maybe could be used, or renamed as EDMA_DEFAULT_CHANNELS
- mcf_edma_err_handler() looks bogus, because it considers that
mcf_edma->chans has EDMA_CHANNELS items.
I guess that something related to mcf_edma->n_chans is what is
expected, but how should this be done?
Maybe, the EDMA_CHANNELS value should be used all the time?
Maybe, the number of chans should be limited to EDMA_CHANNELS?
Maybe, the number of chans should be at least EDMA_CHANNELS?
Maybe, maybe, maybe, but me, I don't know :(
All I know is that this patch compiles :)
and that it can gives Dan an idea for smatch for checking access to un-allocated
memory related to flexible array :)
---
drivers/dma/mcf-edma.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
NAK, subject line missing.
A better V2 has been sent.
