[PATCH 3.19.y-ckt 070/130] dmaengine: pl330: Fix overflow when reporting residue in memcpy

From: Kamal Mostafa
Date: Thu Aug 27 2015 - 18:31:31 EST

3.19.8-ckt6 -stable review patch. If anyone has any objections, please let me know.


From: Krzysztof Kozlowski <k.kozlowski@xxxxxxxxxxx>

commit ae128293d97404f491dc76f1843c7adacfec3441 upstream.

During memcpy operations the residue was always set to an u32 overflowed

In pl330_tx_status() function number of currently transferred bytes was
subtracted from internal "bytes_requested" field. However this
"bytes_requested" was not initialized at start to length of memcpy
buffer so transferred bytes were subtracted from 0 causing overflow.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@xxxxxxxxxxx>
Fixes: aee4d1fac887 ("dmaengine: pl330: improve pl330_tx_status() function")
Signed-off-by: Vinod Koul <vinod.koul@xxxxxxxxx>
Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
drivers/dma/pl330.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
index bdf40b5..c068ef1 100644
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -2521,6 +2521,7 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dst,
desc->rqcfg.brst_len = 1;

desc->rqcfg.brst_len = get_burst_len(desc, len);
+ desc->bytes_requested = len;

desc->txd.flags = flags;


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/