[PATCH] nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy
Srinivas Kandagatla
srini at kernel.org
Fri Jan 16 09:06:39 PST 2026
On 1/6/26 10:37 AM, Harsh Jain wrote:
> From: Ivan Vera <ivanverasantos at gmail.com>
>
> Buffer size used in dma allocation and memcpy is wrong.
> It can lead to undersized DMA buffer access and possible
> memory corruption. Use correct buffer size in dma_alloc_coherent
> and memcpy.
>
> Fixes: 737c0c8d07b5 ("nvmem: zynqmp_nvmem: Add support to access efuse")
> Signed-off-by: Ivan Vera <ivan.vera at enclustra.com>
> Signed-off-by: Harish Ediga <harish.ediga at amd.com>
> Signed-off-by: Harsh Jain <h.jain at amd.com>
Missing cc stable
and
WARNING: From:/Signed-off-by: email address mismatch: 'From: Ivan Vera
<ivanverasantos at gmail.com>' != 'Signed-off-by: Ivan Vera
<ivan.vera at enclustra.com>'
Please fix these and send a new version.
--srini
> ---
> drivers/nvmem/zynqmp_nvmem.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/nvmem/zynqmp_nvmem.c b/drivers/nvmem/zynqmp_nvmem.c
> index 7da717d6c7fa..d297ff150dc0 100644
> --- a/drivers/nvmem/zynqmp_nvmem.c
> +++ b/drivers/nvmem/zynqmp_nvmem.c
> @@ -66,7 +66,7 @@ static int zynqmp_efuse_access(void *context, unsigned int offset,
> dma_addr_t dma_buf;
> size_t words = bytes / WORD_INBYTES;
> int ret;
> - int value;
> + unsigned int value;
> char *data;
>
> if (bytes % WORD_INBYTES != 0) {
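Review bot: the switch of value from int to unsigned int at the declaration is not covered by the commit message, which mentions only the DMA and memcpy sizes. Say in the log why the signedness changes, and since value is later tested against a bit mask, consider a fixed-width type such as u32 so the width the copy depends on is explicit.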
> @@ -80,7 +80,7 @@ static int zynqmp_efuse_access(void *context, unsigned int offset,
> }
>
> if (pufflag == 1 && flag == EFUSE_WRITE) {
> - memcpy(&value, val, bytes);
> + memcpy(&value, val, sizeof(value));
> if ((offset == EFUSE_PUF_START_OFFSET ||
> offset == EFUSE_PUF_MID_OFFSET) &&
> value & P_USER_0_64_UPPER_MASK) {
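Review bot: memcpy(&value, val, sizeof(value)) now always reads sizeof(value) bytes from val, but the only length check visible in this patch is bytes % WORD_INBYTES != 0, which a bytes of 0 passes. Confirm that bytes is at least sizeof(value) on this path, or reject shorter requests before the copy, so that fixing the overflow of value does not turn into an over-read of val.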
> @@ -100,7 +100,7 @@ static int zynqmp_efuse_access(void *context, unsigned int offset,
> if (!efuse)
> return -ENOMEM;
>
> - data = dma_alloc_coherent(dev, sizeof(bytes),
> + data = dma_alloc_coherent(dev, bytes,
> &dma_buf, GFP_KERNEL);
> if (!data) {
> ret = -ENOMEM;
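Review bot: the commit message says the size was wrong without saying how; at the dma_alloc_coherent call, sizeof(bytes) is the size of the variable itself, not the requested length, so a longer request touches more of data than was allocated for it, as in memcpy(val, data, bytes) further down. Put that in the log so the impact is clear to whoever handles the stable backport.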
> @@ -134,7 +134,7 @@ static int zynqmp_efuse_access(void *context, unsigned int offset,
> if (flag == EFUSE_READ)
> memcpy(val, data, bytes);
> efuse_access_err:
> - dma_free_coherent(dev, sizeof(bytes),
> + dma_free_coherent(dev, bytes,
> data, dma_buf);
> efuse_data_fail:
> dma_free_coherent(dev, sizeof(struct xilinx_efuse),
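Review bot: dma_free_coherent at efuse_access_err has to be given the same size as the matching dma_alloc_coherent, and both calls now depend on bytes being unchanged between them. Nothing in the visible lines modifies bytes, but making that explicit (a const local for the length, or a short comment at the allocation) would keep the pair from drifting apart again.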