[<prev] [next>] [day] [month] [year] [list]
Message-Id: <efbd346a9bb672782ac67453e622f01b5212d38d.1438780176.git.Allen.Hubbe@emc.com>
Date: Wed, 5 Aug 2015 09:23:04 -0400
From: Allen Hubbe <Allen.Hubbe@....com>
To: Dan Williams <dan.j.williams@...el.com>,
Dave Jiang <dave.jiang@...el.com>
Cc: dmaengine@...r.kernel.com, linux-kernel@...r.kernel.org,
Allen Hubbe <Allen.Hubbe@....com>
Subject: [PATCH] ioatdma: fix overflow of u16 in ring_reshape
If the allocation order is 16, then the u16 index will overflow and wrap
to zero instead of being equal or greater than 1 << 16. The loop
condition will always be true, and the loop will run until all the
memory resources are depleted.
Change the type of index 'i' to u32, so that it is large enough to store
a value equal or greater than 1 << 16.
Signed-off-by: Allen Hubbe <Allen.Hubbe@....com>
---
drivers/dma/ioat/dma_v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/ioat/dma_v2.c b/drivers/dma/ioat/dma_v2.c
index 69c7dfcad023..13fbd9d5b5b9 100644
--- a/drivers/dma/ioat/dma_v2.c
+++ b/drivers/dma/ioat/dma_v2.c
@@ -588,7 +588,7 @@ bool reshape_ring(struct ioat2_dma_chan *ioat, int order)
const u16 active = ioat2_ring_active(ioat);
const u32 new_size = 1 << order;
struct ioat_ring_ent **ring;
- u16 i;
+ u32 i;
if (order > ioat_get_max_alloc_order())
return false;
--
2.5.0.rc1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists