tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy

Buffer size used in dma allocation and memcpy is wrong.
It can lead to undersized DMA buffer access and possible
memory corruption. use correct buffer size in dma_alloc_coherent
and memcpy.

Fixes: 737c0c8d07b5 ("nvmem: zynqmp_nvmem: Add support to access efuse")
Cc: stable@vger.kernel.org
Signed-off-by: Ivan Vera <ivanverasantos@gmail.com>
Signed-off-by: Harish Ediga <harish.ediga@amd.com>
Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Srinivas Kandagatla <srini@kernel.org>
Link: https://patch.msgid.link/20260327131645.3025781-3-srini@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Ivan Vera and committed by
Greg Kroah-Hartman f9b88613 48b5163c

+4 -4
+4 -4
drivers/nvmem/zynqmp_nvmem.c
··· 66 66 dma_addr_t dma_buf; 67 67 size_t words = bytes / WORD_INBYTES; 68 68 int ret; 69 - int value; 69 + unsigned int value; 70 70 char *data; 71 71 72 72 if (bytes % WORD_INBYTES != 0) { ··· 80 80 } 81 81 82 82 if (pufflag == 1 && flag == EFUSE_WRITE) { 83 - memcpy(&value, val, bytes); 83 + memcpy(&value, val, sizeof(value)); 84 84 if ((offset == EFUSE_PUF_START_OFFSET || 85 85 offset == EFUSE_PUF_MID_OFFSET) && 86 86 value & P_USER_0_64_UPPER_MASK) { ··· 100 100 if (!efuse) 101 101 return -ENOMEM; 102 102 103 - data = dma_alloc_coherent(dev, sizeof(bytes), 103 + data = dma_alloc_coherent(dev, bytes, 104 104 &dma_buf, GFP_KERNEL); 105 105 if (!data) { 106 106 ret = -ENOMEM; ··· 134 134 if (flag == EFUSE_READ) 135 135 memcpy(val, data, bytes); 136 136 efuse_access_err: 137 - dma_free_coherent(dev, sizeof(bytes), 137 + dma_free_coherent(dev, bytes, 138 138 data, dma_buf); 139 139 efuse_data_fail: 140 140 dma_free_coherent(dev, sizeof(struct xilinx_efuse),