From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE2BEC0650E for ; Mon, 1 Jul 2019 12:22:03 +0000 (UTC) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C68E520B7C for ; Mon, 1 Jul 2019 12:22:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C68E520B7C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=8bytes.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=iommu-bounces@lists.linux-foundation.org Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 9B8AE1472; Mon, 1 Jul 2019 12:22:03 +0000 (UTC) Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 994071161 for ; Mon, 1 Jul 2019 12:22:02 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from theia.8bytes.org (8bytes.org [81.169.241.247]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2BE85832 for ; Mon, 1 Jul 2019 12:22:02 +0000 (UTC) Received: by theia.8bytes.org (Postfix, from userid 1000) id 82844229; Mon, 1 Jul 2019 14:22:00 +0200 (CEST) Date: Mon, 1 Jul 2019 14:21:59 +0200 From: Joerg Roedel To: Nicolin Chen Subject: Re: [PATCH] iommu/dma: Fix calculation overflow in __finalise_sg() Message-ID: <20190701122158.GE8166@8bytes.org> References: <20190622043814.5003-1-nicoleotsuka@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190622043814.5003-1-nicoleotsuka@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) Cc: iommu@lists.linux-foundation.org, robin.murphy@arm.com, linux-kernel@vger.kernel.org X-BeenThere: iommu@lists.linux-foundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Development issues for Linux IOMMU support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: iommu-bounces@lists.linux-foundation.org Errors-To: iommu-bounces@lists.linux-foundation.org On Fri, Jun 21, 2019 at 09:38:14PM -0700, Nicolin Chen wrote: > The max_len is a u32 type variable so the calculation on the > left hand of the last if-condition will potentially overflow > when a cur_len gets closer to UINT_MAX -- note that there're > drivers setting max_seg_size to UINT_MAX: > drivers/dma/dw-edma/dw-edma-core.c:745: > dma_set_max_seg_size(dma->dev, U32_MAX); > drivers/dma/dma-axi-dmac.c:871: > dma_set_max_seg_size(&pdev->dev, UINT_MAX); > drivers/mmc/host/renesas_sdhi_internal_dmac.c:338: > dma_set_max_seg_size(dev, 0xffffffff); > drivers/nvme/host/pci.c:2520: > dma_set_max_seg_size(dev->dev, 0xffffffff); > > So this patch just casts the cur_len in the calculation to a > size_t type to fix the overflow issue, as it's not necessary > to change the type of cur_len after all. > > Fixes: 809eac54cdd6 ("iommu/dma: Implement scatterlist segment merging") > Cc: stable@vger.kernel.org > Signed-off-by: Nicolin Chen Looks good to me, but I let Robin take a look too before I apply it, Robin? _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu