[PATCH v3] pinctrl: mediatek: fix global-out-of-bounds issue
zhiyong.tao
zhiyong.tao at mediatek.com
Tue Nov 9 23:02:44 PST 2021
On Wed, 2021-11-10 at 13:54 +0800, Chen-Yu Tsai wrote:
> On Wed, Nov 10, 2021 at 10:14 AM Zhiyong Tao <
> zhiyong.tao at mediatek.com> wrote:
> >
> > From: Guodong Liu <guodong.liu at mediatek.corp-partner.google.com>
> >
> > When eint virtual eint number is greater than gpio number,
> > it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.
> >
> > Signed-off-by: Zhiyong Tao <zhiyong.tao at mediatek.com>
> > Signed-off-by: Guodong Liu <
> > guodong.liu at mediatek.corp-partner.google.com>
>
> The order of Signed-off-by is still reversed though. The author comes
> first,
> then comes everyone who subsequently handled the patch.
>
> Once fixed,
>
> Reviewed-by: Chen-Yu Tsai <wenst at chromium.org>
>
> Also, for single patches, you don't really need to have a cover
> letter.
> Any info you would convey through the cover letter, such as
> changelogs,
> additional context, or whose tree you would like it merged through,
> can
> be put after the triple-dash ...
>
> > ---
>
> here. Text put here won't get included in the commit log.
Thanks for your suggestion, we will fix it in next version(v4).
>
> > drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
> > b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
> > index 45ebdeba985a..12163d3c4bcb 100644
> > --- a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
> > +++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
> > @@ -285,8 +285,12 @@ static int mtk_xt_get_gpio_n(void *data,
> > unsigned long eint_n,
> > desc = (const struct mtk_pin_desc *)hw->soc->pins;
> > *gpio_chip = &hw->chip;
> >
> > - /* Be greedy to guess first gpio_n is equal to eint_n */
> > - if (desc[eint_n].eint.eint_n == eint_n)
> > + /*
> > + * Be greedy to guess first gpio_n is equal to eint_n.
> > + * Only eint virtual eint number is greater than gpio
> > number.
> > + */
> > + if (hw->soc->npins > eint_n &&
> > + desc[eint_n].eint.eint_n == eint_n)
> > *gpio_n = eint_n;
> > else
> > *gpio_n = mtk_xt_find_eint_num(hw, eint_n);
> > --
> > 2.25.1
> >
> >
> > _______________________________________________
> > Linux-mediatek mailing list
> > Linux-mediatek at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-mediatek
More information about the Linux-mediatek
mailing list