[PATCH 4.1 21/84] dmaengine: pl330: Fix overflow when reporting residue in memcpy

From: Greg Kroah-Hartman
Date: Fri Aug 14 2015 - 13:43:13 EST

4.1-stable review patch. If anyone has any objections, please let me know.


From: Krzysztof Kozlowski <k.kozlowski@xxxxxxxxxxx>

commit ae128293d97404f491dc76f1843c7adacfec3441 upstream.

During memcpy operations the residue was always set to an u32 overflowed

In pl330_tx_status() function number of currently transferred bytes was
subtracted from internal "bytes_requested" field. However this
"bytes_requested" was not initialized at start to length of memcpy
buffer so transferred bytes were subtracted from 0 causing overflow.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@xxxxxxxxxxx>
Fixes: aee4d1fac887 ("dmaengine: pl330: improve pl330_tx_status() function")
Signed-off-by: Vinod Koul <vinod.koul@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/dma/pl330.c | 1 +
1 file changed, 1 insertion(+)

--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -2621,6 +2621,7 @@ pl330_prep_dma_memcpy(struct dma_chan *c
desc->rqcfg.brst_len = 1;

desc->rqcfg.brst_len = get_burst_len(desc, len);
+ desc->bytes_requested = len;

desc->txd.flags = flags;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/