[bug report] firmware: thead: Add AON firmware protocol driver
Dan Carpenter
dan.carpenter at linaro.org
Sat Mar 15 02:54:10 PDT 2025
Hello Michal Wilczynski,
Commit e4b3cbd840e5 ("firmware: thead: Add AON firmware protocol
driver") from Mar 11, 2025 (linux-next), leads to the following
Smatch static checker warning:
drivers/firmware/thead,th1520-aon.c:174 th1520_aon_power_update()
error: buffer overflow 'data' 2 <= 3
drivers/firmware/thead,th1520-aon.c
164 {
165 struct th1520_aon_msg_req_set_resource_power_mode msg = {};
166 struct th1520_aon_rpc_msg_hdr *hdr = &msg.hdr;
167 int ret;
168
169 hdr->svc = TH1520_AON_RPC_SVC_PM;
170 hdr->func = TH1520_AON_PM_FUNC_SET_RESOURCE_POWER_MODE;
171 hdr->size = TH1520_AON_RPC_MSG_NUM;
172
173 RPC_SET_BE16(&msg.resource, 0, rsrc);
--> 174 RPC_SET_BE16(&msg.resource, 2,
^
&msg.resource is a 2 byte array. This sets the 3rd and 4th bytes.
It's intentional but ugly. Use &msg.mode instead.
Also use proper endian conversion macros which don't assume that
we're on a little endian system. (Although Intel drivers assume they
are on little endian systems. So there is precedence. I supposed.)
175 (power_on ? TH1520_AON_PM_PW_MODE_ON :
176 TH1520_AON_PM_PW_MODE_OFF));
177
178 ret = th1520_aon_call_rpc(aon_chan, &msg);
179 if (ret)
180 dev_err(aon_chan->cl.dev, "failed to power %s resource %d ret %d\n",
181 power_on ? "up" : "off", rsrc, ret);
182
183 return ret;
184 }
regards,
dan carpenter
More information about the linux-riscv
mailing list