From 2cea8d74dc3a80bbc06aff6b6dcaceb806d563b4 Mon Sep 17 00:00:00 2001
From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Date: Wed, 19 Sep 2018 13:01:55 +0200
Subject: [PATCH] imx: mx7: fix potential overflow in imx_ddr_size()

The imx_ddr_size() function may overflow as it is possible to kind of
over provision the DDR controller. Fix this by capping it to 2 GB which
is the maximum allowed size as per reference manual.

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
---
 arch/arm/mach-imx/mx7/ddr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm/mach-imx/mx7/ddr.c b/arch/arm/mach-imx/mx7/ddr.c
index f19aeb8042..9713835bf2 100644
--- a/arch/arm/mach-imx/mx7/ddr.c
+++ b/arch/arm/mach-imx/mx7/ddr.c
@@ -196,5 +196,9 @@ unsigned int imx_ddr_size(void)
 	if (field_val <= 29)
 		bits++;
 
+	/* cap to max 2 GB */
+	if (bits > 31)
+		bits = 31;
+
 	return 1 << bits;
 }
-- 
2.39.5