Received: by 10.213.65.68 with SMTP id h4csp381770imn;
        Wed, 21 Mar 2018 22:18:48 -0700 (PDT)
X-Google-Smtp-Source: AG47ELuwkjM21jEupbBeOqcv8IlcjOdkKuw/6Sx1b1kLGAr1x54QB+oE/opASGepOweZkulvJ9Uu
X-Received: by 10.98.47.70 with SMTP id v67mr19075708pfv.95.1521695928283;
        Wed, 21 Mar 2018 22:18:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521695928; cv=none;
        d=google.com; s=arc-20160816;
        b=VUma3/iS0wzYTYHWE9DQ1gTkaSiR5Y25bwqqHh5Xsurv83jM6TxvCPIzj2AKd+koOq
         DxA5qKC66+xqD5a4Rs4qvvNntUqVRd4yFN8lBNpO1IYRuuIS33Rk6fO8/qPCRjHnWLLD
         yjTrcccD3J5+sYixgJVB6QII7wuptKZeJjjHMPjhzpQ3dnl1DN9E7VdU8Q5M+teKaGZy
         Xz8hbojI+zcVB9RdErhKtvFtCZU2/IqpAa6IECpao1p3VxwL0kyVxHflo6a9fyJQvuoA
         WvhUbggsl0u+XsAuZ7iSpc98YavHJbu3NK60If7Rpfbmjq25QH2hPEBXSrA+VBGob8w1
         2sUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=DvjPTZws9ji1vErojDTo4xXBXaoCwxB1pJS60gXhD+w=;
        b=SpT0gOvH/S7tISD2ApM6cBRx+RmkszijhzA1FYwUJtHejtXJyvmJcIXJvkNQIOp9mr
         eD4ldzjyuyrcZUv0cETHDac5cBSyRl4wXiS4EB93BK0AMN47kGviUZckFoILI6adBIAg
         5sgNmmH6FxYYmlMSTT9GzxNqoRTTioeTr6E2fVrgd932+t8RdjSbrznWACGV2oJhjC3U
         i8bY6EV/s/uo8pl80CaIXEO1HRhdNcwZMuerklBk9KJiAnI6k/mIAIaYG5p9nIkiAaGK
         WFkYwjchB+TGEBcnqG6Jo52wS+45N/Usm0q+nLI5dSFRwW1F5fTnbstySZiabedNdH/v
         Etsw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d16-v6si5686808plj.220.2018.03.21.22.18.33;
        Wed, 21 Mar 2018 22:18:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752257AbeCVFRo (ORCPT <rfc822;yingkeliu@gmail.com> + 99 others);
        Thu, 22 Mar 2018 01:17:44 -0400
Received: from mga05.intel.com ([192.55.52.43]:28737 "EHLO mga05.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752042AbeCVFRm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Mar 2018 01:17:42 -0400
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Mar 2018 22:17:42 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.48,343,1517904000"; 
   d="scan'208";a="35832958"
Received: from vkoul-udesk7.iind.intel.com (HELO localhost) ([10.223.84.143])
  by FMSMGA003.fm.intel.com with ESMTP; 21 Mar 2018 22:17:40 -0700
Date:   Thu, 22 Mar 2018 10:51:50 +0530
From:   Vinod Koul <vinod.koul@intel.com>
To:     Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Cc:     Maxime Coquelin <mcoquelin.stm32@gmail.com>,
        Alexandre Torgue <alexandre.torgue@st.com>,
        Dan Williams <dan.j.williams@intel.com>,
        M'boumba Cedric Madianga <cedric.madianga@gmail.com>,
        dmaengine@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/1] dmaengine: stm32-dmamux: fix a potential buffer
 overflow
Message-ID: <20180322052150.GB15443@localhost>
References: <1520960135-26575-1-git-send-email-pierre-yves.mordret@st.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1520960135-26575-1-git-send-email-pierre-yves.mordret@st.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 13, 2018 at 05:55:35PM +0100, Pierre-Yves MORDRET wrote:
> The bitfield dma_inuse is allocated of size dma_requests bits, thus a
> valid bit address is from 0 to (dma_requests - 1).
> When find_first_zero_bit() fails, it returns dma_requests as invalid
> address.
> Using such address for the following set_bit() is incorrect and, if
> dma_requests is a multiple of BITS_PER_LONG, it will cause a buffer
> overflow.
> Currently this driver is only used in DT stm32h743.dtsi where a safe value
> dma_requests=16 is not triggering the buffer overflow.
> 
> Fixed by checking the return value of find_first_zero_bit() _before_
> using it.

Applied, thanks

-- 
~Vinod