lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 14 Sep 2021 13:58:15 +0530
From:   Harini Katakam <harini.katakam@...inx.com>
To:     <vkoul@...nel.org>, <romain.perier@...il.com>,
        <allen.lkml@...il.com>, <yukuai3@...wei.com>
CC:     <dmaengine@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <harinikatakamlinux@...il.com>,
        <michal.simek@...inx.com>, <harini.katakam@...inx.com>,
        <radhey.shyam.pandey@...inx.com>, <shravya.kumbham@...inx.com>
Subject: [PATCH 2/4] dmaengine: zynqmp_dma: Typecast the variable with dma_addr_t to handle overflow

From: Shravya Kumbham <shravya.kumbham@...inx.com>

In zynqmp_dma_alloc_chan_resources function there is a potential
overflow in the below expression.

desc->src_p = chan->desc_pool_p + (i * ZYNQMP_DMA_DESC_SIZE(chan*2);

The macro ZYNQMP_DMA_DESC_SIZE and variable i are 32-bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by using typecast.

Addresses-Coverity: Event overflow_before_widen.
Signed-off-by: Shravya Kumbham <shravya.kumbham@...inx.com>
Reviewed-by: Radhey Shyam Pandey <radhey.shyam.pandey@...inx.com>
---
 drivers/dma/xilinx/zynqmp_dma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index 2d0eba25739d..d28b9ffb4309 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -502,7 +502,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan)
 					(i * ZYNQMP_DMA_DESC_SIZE(chan) * 2));
 		desc->dst_v = (struct zynqmp_dma_desc_ll *) (desc->src_v + 1);
 		desc->src_p = chan->desc_pool_p +
-				(i * ZYNQMP_DMA_DESC_SIZE(chan) * 2);
+				((dma_addr_t)i * ZYNQMP_DMA_DESC_SIZE(chan)
+				 * 2);
 		desc->dst_p = desc->src_p + ZYNQMP_DMA_DESC_SIZE(chan);
 	}
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ