CVE-2022-49320

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type<br /> <br /> In zynqmp_dma_alloc/free_chan_resources functions there is a<br /> potential overflow in the below expressions.<br /> <br /> dma_alloc_coherent(chan-&gt;dev, (2 * chan-&gt;desc_size *<br /> ZYNQMP_DMA_NUM_DESCS),<br /> &amp;chan-&gt;desc_pool_p, GFP_KERNEL);<br /> <br /> dma_free_coherent(chan-&gt;dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *<br /> ZYNQMP_DMA_NUM_DESCS),<br /> chan-&gt;desc_pool_v, chan-&gt;desc_pool_p);<br /> <br /> The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though<br /> this overflow condition is not observed but it is a potential problem<br /> in the case of 32-bit multiplication. Hence fix it by changing the<br /> desc_size data type to size_t.<br /> <br /> In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in<br /> dma_alloc_coherent API argument.<br /> <br /> Addresses-Coverity: Event overflow_before_widen.