[lvc-project] [PATCH v1] drivers/dma/ioat/prep: don't read pq->coef out of bounds
Daniil Tatianin
d-tatianin at yandex-team.ru
Mon Nov 14 17:36:35 MSK 2022
dump_pq16_desc_dbg() would access pq->coef with an index obtained with
src16_cnt_to_sw without converting it back with src16_cnt_to_hw, which
would lead to out of bounds access.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Signed-off-by: Daniil Tatianin <d-tatianin at yandex-team.ru>
---
drivers/dma/ioat/prep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/ioat/prep.c b/drivers/dma/ioat/prep.c
index 033d9f2b3e2a..004b8a537b97 100644
--- a/drivers/dma/ioat/prep.c
+++ b/drivers/dma/ioat/prep.c
@@ -329,7 +329,7 @@ static void dump_pq16_desc_dbg(struct ioatdma_chan *ioat_chan,
for (i = 0; i < src_cnt; i++) {
dev_dbg(dev, "\tsrc[%d]: %#llx coef: %#x\n", i,
(unsigned long long) pq16_get_src(descs, i),
- pq->coef[i]);
+ pq->coef[src16_cnt_to_hw(i)]);
}
dev_dbg(dev, "\tP: %#llx\n", pq->p_addr);
dev_dbg(dev, "\tQ: %#llx\n", pq->q_addr);
--
2.25.1
More information about the lvc-project
mailing list