2021-09-14 08:30:35

by Harini Katakam

[permalink] [raw]
Subject: [PATCH 2/4] dmaengine: zynqmp_dma: Typecast the variable with dma_addr_t to handle overflow

From: Shravya Kumbham <[email protected]>

In zynqmp_dma_alloc_chan_resources function there is a potential
overflow in the below expression.

desc->src_p = chan->desc_pool_p + (i * ZYNQMP_DMA_DESC_SIZE(chan*2);

The macro ZYNQMP_DMA_DESC_SIZE and variable i are 32-bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by using typecast.

Addresses-Coverity: Event overflow_before_widen.
Signed-off-by: Shravya Kumbham <[email protected]>
Reviewed-by: Radhey Shyam Pandey <[email protected]>
---
drivers/dma/xilinx/zynqmp_dma.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index 2d0eba25739d..d28b9ffb4309 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -502,7 +502,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan)
(i * ZYNQMP_DMA_DESC_SIZE(chan) * 2));
desc->dst_v = (struct zynqmp_dma_desc_ll *) (desc->src_v + 1);
desc->src_p = chan->desc_pool_p +
- (i * ZYNQMP_DMA_DESC_SIZE(chan) * 2);
+ ((dma_addr_t)i * ZYNQMP_DMA_DESC_SIZE(chan)
+ * 2);
desc->dst_p = desc->src_p + ZYNQMP_DMA_DESC_SIZE(chan);
}

--
2.17.1