dmaengine: stm32-dma3: Set lli_size after allocation

With the new __counted_by annotation, the "lli_size" variable needs to
valid for accesses to the "lli" array. This requirement is not met in
stm32_dma3_chan_desc_alloc(), since "lli_size" starts at "0", so "lli"
index "0" will not be considered valid during the initialization for loop.

Fix this by setting lli_size immediately after allocation (similar to
how this is handled in stm32_mdma_alloc_desc() for the node/count
relationship).

Fixes: f561ec8b2b33 ("dmaengine: Add STM32 DMA3 support")
Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20240716213830.work.951-kees@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>

diff --git a/drivers/dma/stm32/stm32-dma3.c b/drivers/dma/stm32/stm32-dma3.c
index 4087e0263a485bb8e86c354b5a68fb4a60adc8a7..0be6e944df6fd5d2a02974085251549d9389a37e 100644 (file)
--- a/drivers/dma/stm32/stm32-dma3.c
+++ b/drivers/dma/stm32/stm32-dma3.c
@@ -403,6 +403,7 @@ static struct stm32_dma3_swdesc *stm32_dma3_chan_desc_alloc(struct stm32_dma3_ch
        swdesc = kzalloc(struct_size(swdesc, lli, count), GFP_NOWAIT);
        if (!swdesc)
                return NULL;
+       swdesc->lli_size = count;
 
        for (i = 0; i < count; i++) {
                swdesc->lli[i].hwdesc = dma_pool_zalloc(chan->lli_pool, GFP_NOWAIT,
@@ -410,7 +411,6 @@ static struct stm32_dma3_swdesc *stm32_dma3_chan_desc_alloc(struct stm32_dma3_ch
                if (!swdesc->lli[i].hwdesc)
                        goto err_pool_free;
        }
-       swdesc->lli_size = count;
        swdesc->ccr = 0;
 
        /* Set LL base address */