From 5b5dc7db5a8dc2c221526acf81b323ec1f972d0f Mon Sep 17 00:00:00 2001
From: Gabor Juhos
Date: Mon, 11 Aug 2025 10:30:42 +0200
Subject: [PATCH] mtd: nand: qpic_common: use {cmd,data}_sgl_nitems for sg_init_table()
Since commit ddaad4ad774d ("mtd: nand: qpic_common: prevent out of bounds access of BAM arrays"), the {cmd,data}_sgl_nitems members in the 'bam_transaction' structure are containing the number of elements in the cmd/data scatter-gather lists. Change the qcom_clear_bam_transaction() function to use these numbers while reinitializing the sg lists instead of recomputing the number of elements to make it less error prone.
Signed-off-by: Gabor Juhos
Acked-by: Konrad Dybcio
Signed-off-by: Miquel Raynal
---
 drivers/mtd/nand/qpic_common.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/mtd/nand/qpic_common.c b/drivers/mtd/nand/qpic_common.c
index 8e604cc22ca31..db6c46a6fe01c 100644
--- a/drivers/mtd/nand/qpic_common.c
+++ b/drivers/mtd/nand/qpic_common.c
@@ -89,10 +89,8 @@ void qcom_clear_bam_transaction(struct qcom_nand_controller *nandc)
 memset(&bam_txn->bam_positions, 0, sizeof(bam_txn->bam_positions));
 bam_txn->last_data_desc = NULL;
- sg_init_table(bam_txn->cmd_sgl, nandc->max_cwperpage *
- QPIC_PER_CW_CMD_SGL);
- sg_init_table(bam_txn->data_sgl, nandc->max_cwperpage *
- QPIC_PER_CW_DATA_SGL);
+ sg_init_table(bam_txn->cmd_sgl, bam_txn->cmd_sgl_nitems);
+ sg_init_table(bam_txn->data_sgl, bam_txn->data_sgl_nitems);
 reinit_completion(&bam_txn->txn_done);
 }
-- 
2.47.3
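Review bot: The two new `sg_init_table()` calls are only in bounds if `cmd_sgl_nitems` and `data_sgl_nitems` always equal the allocated lengths of `cmd_sgl` and `data_sgl`, and nothing next to the calls records that invariant. The code that sets those fields is outside this hunk, so a short comment above the calls would help, for example `/* nitems hold the allocated sgl lengths; re-init must never exceed them */`. It is also worth confirming at the allocation site that neither count can be zero, because `sg_init_table()` marks entry `nents - 1` as the end of the list. The body of `qcom_clear_bam_transaction()` starts before the hunk.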