Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b3724e6 authored by Yuanfang Zhang's avatar Yuanfang Zhang
Browse files

coresight: fix unsigned integer calculation overflow 



The cumulative value of small_size may be greater than USB_BLK_SIZE
in usb_transfer_small_packe, the result of "usb_blk_size-small_size"
overflows in usb_read_work_fn. This change fix this issue.

Change-Id: I8719c206592893743efc83b1ceac6c117bd7a24a
Signed-off-by: default avatarYuanfang Zhang <zhangyuanfang@codeaurora.org>
parent 80fded8c

drivers/hwtracing/coresight/coresight-byte-cntr.c

+3 −2
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/* Copyright (c) 2017-2019, The Linux Foundation. All rights reserved.

/* Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.

 *

 * Description: CoreSight Trace Memory Controller driver

 */
@@ -328,7 +328,8 @@ static int usb_transfer_small_packet(struct qdss_request *usb_req, 
	w_offset = tmc_sg_get_rwp_offset(tmcdrvdata);

	req_size = ((w_offset < drvdata->offset) ? etr_buf->size : 0) +

				w_offset - drvdata->offset;

	req_size = (req_size < USB_BLK_SIZE) ? req_size : USB_BLK_SIZE;

	req_size = ((req_size + *small_size) < USB_BLK_SIZE) ? req_size :

		(USB_BLK_SIZE - *small_size);



	while (req_size > 0) {