mmc: renesas_sdhi: prevent overflow for max_req_size

max_req_size is calculated by 'max_blk_size * max_blk_count' in the TMIO
core. So, specifying U32_MAX as max_blk_count will overflow this
calculation. It will cause no harm in practice because the immense high
number will overflow into another immense high number. However, it is
not good coding practice, so calculate max_blk_count so that
max_req_size will fit into unsigned int on ARM32/64.

Thanks to the Renesas BSP team for the bug report!

Reported-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

diff --git a/drivers/mmc/host/renesas_sdhi_internal_dmac.c b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
index 106fd2179529d652e6ff578183b6226c9587766e..751fe91c7571d36f7c187e0f7adf5e0c670519fb 100644 (file)
--- a/drivers/mmc/host/renesas_sdhi_internal_dmac.c
+++ b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
@@ -96,8 +96,8 @@ static const struct renesas_sdhi_of_data of_rza2_compatible = {
        .scc_offset     = 0 - 0x1000,
        .taps           = rcar_gen3_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen3_scc_taps),
-       /* DMAC can handle 0xffffffff blk count but only 1 segment */
-       .max_blk_count  = 0xffffffff,
+       /* DMAC can handle 32bit blk count but only 1 segment */
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
        .max_segs       = 1,
 };
 
@@ -111,8 +111,8 @@ static const struct renesas_sdhi_of_data of_rcar_gen3_compatible = {
        .scc_offset     = 0x1000,
        .taps           = rcar_gen3_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen3_scc_taps),
-       /* DMAC can handle 0xffffffff blk count but only 1 segment */
-       .max_blk_count  = 0xffffffff,
+       /* DMAC can handle 32bit blk count but only 1 segment */
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
        .max_segs       = 1,
 };
 

diff --git a/drivers/mmc/host/renesas_sdhi_sys_dmac.c b/drivers/mmc/host/renesas_sdhi_sys_dmac.c
index 2fc168662cb9c45c2624dd85768c6c9ae01f0419..1d29b822efb84db97fbe441fa596b1e54546e4cb 100644 (file)
--- a/drivers/mmc/host/renesas_sdhi_sys_dmac.c
+++ b/drivers/mmc/host/renesas_sdhi_sys_dmac.c
@@ -65,7 +65,7 @@ static const struct renesas_sdhi_of_data of_rcar_gen2_compatible = {
        .scc_offset     = 0x0300,
        .taps           = rcar_gen2_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen2_scc_taps),
-       .max_blk_count  = 0xffffffff,
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
 };
 
 /* Definitions for sampling clocks */