[bug report] mailbox: Introduce support for T-head TH1520 Mailbox driver
Michal Wilczynski
m.wilczynski at samsung.com
Fri Nov 29 04:37:01 PST 2024
On 11/29/24 07:56, Dan Carpenter wrote:
> Hello Michal Wilczynski,
Hi Dan,
>
> Commit 5d4d263e1c6b ("mailbox: Introduce support for T-head TH1520
> Mailbox driver") from Nov 4, 2024 (linux-next), leads to the
> following Smatch static checker warning:
>
> drivers/mailbox/mailbox-th1520.c:535 th1520_mbox_suspend_noirq() error: buffer overflow 'ctx->intr_mask' 3 <= 3
> drivers/mailbox/mailbox-th1520.c:548 th1520_mbox_resume_noirq() error: buffer overflow 'ctx->intr_mask' 3 <= 3
>
> drivers/mailbox/mailbox-th1520.c
> 525 static int __maybe_unused th1520_mbox_suspend_noirq(struct device *dev)
> 526 {
> 527         struct th1520_mbox_priv *priv = dev_get_drvdata(dev);
> 528         struct th1520_mbox_context *ctx = priv->ctx;
> 529         u32 i;
> 530         /*
> 531          * ONLY interrupt mask bit should be stored and restores.
> 532          * INFO data all assumed to be lost.
> 533          */
> 534         for (i = 0; i < TH_1520_MBOX_CHANS; i++) {
> --> 535                 ctx->intr_mask[i] =
>
> The ctx->intr_mask[] array has TH_1520_MBOX_CHANS - 1 elements so this is
> memory corruption.
Thanks, yeah it seems like the array should just be bigger to accommodate
for all registers interrupt masks. This kind of slipped from the vendor
code, and I haven't noticed it. Will send a patch fixing this.
>
> 536                         ioread32(priv->local_icu[i] + TH_1520_MBOX_MASK);
> 537         }
> 538         return 0;
> 539 }
>
> regards,
> dan carpenter
>
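
The off-by-one discussed in this thread, as an added userspace model (not code from the driver or from either poster): it compares the reported array sizing with one slot per channel, adds a compile-time guard, and bounds the save loop by the destination size. `MBOX_CHANS`, the struct names, `oob_writes`, `save_masks` and the register values are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MBOX_CHANS 4 /* assumed: the report's "3 <= 3" on a CHANS - 1 array */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Sizing as reported: one slot fewer than the loop bound. */
struct ctx_reported { uint32_t intr_mask[MBOX_CHANS - 1]; };
/* Sizing with one slot per channel. */
struct ctx_sized { uint32_t intr_mask[MBOX_CHANS]; };

/* Build breaks if the array and the channel count drift apart again. */
_Static_assert(ARRAY_SIZE(((struct ctx_sized *)0)->intr_mask) == MBOX_CHANS,
               "intr_mask must hold one mask per channel");

/* How many indices of a 0..loop_bound-1 loop fall past the array end. */
static size_t oob_writes(size_t slots, size_t loop_bound)
{
    return loop_bound > slots ? loop_bound - slots : 0;
}

/* Save loop bounded by the destination; -1 means a mask did not fit. */
static int save_masks(uint32_t *dst, size_t slots,
                      const uint32_t *regs, size_t nregs)
{
    size_t n = nregs < slots ? nregs : slots;

    for (size_t i = 0; i < n; i++)
        dst[i] = regs[i];
    return nregs > slots ? -1 : 0;
}

int main(void)
{
    const uint32_t regs[MBOX_CHANS] = { 0x1, 0x2, 0x4, 0x8 }; /* constructed */
    struct ctx_reported r;
    struct ctx_sized s;

    printf("reported: %zu write(s) out of bounds, bounded save -> %d\n",
           oob_writes(ARRAY_SIZE(r.intr_mask), MBOX_CHANS),
           save_masks(r.intr_mask, ARRAY_SIZE(r.intr_mask), regs, MBOX_CHANS));
    printf("resized:  %zu write(s) out of bounds, bounded save -> %d\n",
           oob_writes(ARRAY_SIZE(s.intr_mask), MBOX_CHANS),
           save_masks(s.intr_mask, ARRAY_SIZE(s.intr_mask), regs, MBOX_CHANS));
    return 0;
}
```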