On 14/02/2019 02:36, Brian Masney wrote:
> SSBI GPIOs are numbered 1..ngpio, so the boundary check in
> pm8xxx_domain_translate() is off by one. This patch corrects that check.
>
> Signed-off-by: Brian Masney <[email protected]>
> ---
> Originally found by Bjorn Andersson in spmi-gpio.
>
> Linus: For your ib-qcom-ssbi branch.
>
> drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
> b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
> index 84a232450000..10575d6e2ba5 100644
> --- a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
> +++ b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c
> @@ -710,7 +710,8 @@ static int pm8xxx_domain_translate(struct irq_domain
> *domain,
> struct pm8xxx_gpio *pctrl = container_of(domain->host_data,
> struct pm8xxx_gpio, chip);
>
> - if (fwspec->param_count != 2 || fwspec->param[0] >= pctrl->chip.ngpio)
> + if (fwspec->param_count != 2 || fwspec->param[0] < 1 ||
> + fwspec->param[0] > pctrl->chip.ngpio)
> return -EINVAL;
>
> *hwirq = fwspec->param[0] - PM8XXX_GPIO_PHYSICAL_OFFSET;
I would write (using the wrap-around behavior for unsigned int)
if (fwspec->param_count != 2 || fwspec->param[0] - 1 >=
pctrl->chip.ngpio)
return -EINVAL;
Regards.
