dmaengine: avoid map_cnt overflow with CONFIG_DMA_ENGINE_RAID

When CONFIG_DMA_ENGINE_RAID is enabled, unmap pool size can reach to 256. But in struct dmaengine_unmap_data, map_cnt is only u8, wrapping to 0, if the unmap pool is maximally used. This triggers BUG() when struct dmaengine_unmap_data is freed. Use u16 to fix the problem. Signed-off-by: Zi Yan <zi.yan@cs.rutgers.edu> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
mariux64 · Feb 12, 2018 · 0c0eb4c · 0c0eb4c
1 parent 7928b2c
commit 0c0eb4c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
@@ -470,7 +470,11 @@ typedef void (*dma_async_tx_callback_result)(void *dma_async_param,
 				const struct dmaengine_result *result);
 
 struct dmaengine_unmap_data {
+#if IS_ENABLED(CONFIG_DMA_ENGINE_RAID)
+	u16 map_cnt;
+#else
 	u8 map_cnt;
+#endif
 	u8 to_cnt;
 	u8 from_cnt;
 	u8 bidi_cnt;