mmc: renesas_sdhi: prevent overflow for max_req_size

max_req_size is calculated by 'max_blk_size * max_blk_count' in the TMIO
core. So, specifying U32_MAX as max_blk_count will overflow this
calculation. It will cause no harm in practice because the immense high
number will overflow into another immense high number. However, it is
not good coding practice, so calculate max_blk_count so that
max_req_size will fit into unsigned int on ARM32/64.

Thanks to the Renesas BSP team for the bug report!

Reported-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

diff --git a/drivers/mmc/host/renesas_sdhi_internal_dmac.c b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
index 106fd21..751fe91 100644 (file)
--- a/drivers/mmc/host/renesas_sdhi_internal_dmac.c
+++ b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
@@ -96,8 +96,8 @@ static const struct renesas_sdhi_of_data of_rza2_compatible = {
        .scc_offset     = 0 - 0x1000,
        .taps           = rcar_gen3_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen3_scc_taps),
-       /* DMAC can handle 0xffffffff blk count but only 1 segment */
-       .max_blk_count  = 0xffffffff,
+       /* DMAC can handle 32bit blk count but only 1 segment */
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
        .max_segs       = 1,
 };
 
@@ -111,8 +111,8 @@ static const struct renesas_sdhi_of_data of_rcar_gen3_compatible = {
        .scc_offset     = 0x1000,
        .taps           = rcar_gen3_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen3_scc_taps),
-       /* DMAC can handle 0xffffffff blk count but only 1 segment */
-       .max_blk_count  = 0xffffffff,
+       /* DMAC can handle 32bit blk count but only 1 segment */
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
        .max_segs       = 1,
 };
 

diff --git a/drivers/mmc/host/renesas_sdhi_sys_dmac.c b/drivers/mmc/host/renesas_sdhi_sys_dmac.c
index 2fc1686..1d29b82 100644 (file)
--- a/drivers/mmc/host/renesas_sdhi_sys_dmac.c
+++ b/drivers/mmc/host/renesas_sdhi_sys_dmac.c
@@ -65,7 +65,7 @@ static const struct renesas_sdhi_of_data of_rcar_gen2_compatible = {
        .scc_offset     = 0x0300,
        .taps           = rcar_gen2_scc_taps,
        .taps_num       = ARRAY_SIZE(rcar_gen2_scc_taps),
-       .max_blk_count  = 0xffffffff,
+       .max_blk_count  = UINT_MAX / TMIO_MAX_BLK_SIZE,
 };
 
 /* Definitions for sampling clocks */