[bug report] firmware: thead: Add AON firmware protocol driver

[Michal Wilczynski]

On 3/15/25 10:54, Dan Carpenter wrote:
> Hello Michal Wilczynski,
> 
> Commit e4b3cbd840e5 ("firmware: thead: Add AON firmware protocol
> driver") from Mar 11, 2025 (linux-next), leads to the following
> Smatch static checker warning:
> 
> 	drivers/firmware/thead,th1520-aon.c:174 th1520_aon_power_update()
> 	error: buffer overflow 'data' 2 <= 3
> 
> drivers/firmware/thead,th1520-aon.c
>     164 {
>     165         struct th1520_aon_msg_req_set_resource_power_mode msg = {};
>     166         struct th1520_aon_rpc_msg_hdr *hdr = &msg.hdr;
>     167         int ret;
>     168 
>     169         hdr->svc = TH1520_AON_RPC_SVC_PM;
>     170         hdr->func = TH1520_AON_PM_FUNC_SET_RESOURCE_POWER_MODE;
>     171         hdr->size = TH1520_AON_RPC_MSG_NUM;
>     172 
>     173         RPC_SET_BE16(&msg.resource, 0, rsrc);
> --> 174         RPC_SET_BE16(&msg.resource, 2,
>                                             ^
> &msg.resource is a 2 byte array.  This sets the 3rd and 4th bytes.
> It's intentional but ugly.  Use &msg.mode instead.
> Also use proper endian conversion macros which don't assume that
> we're on a little endian system.  (Although Intel drivers assume they
> are on little endian systems.  So there is precedence.  I supposed.)

Thank you very much for your report. Will follow up with the fix patch.

Regards,
Michał

> 
>     175                      (power_on ? TH1520_AON_PM_PW_MODE_ON :
>     176                                  TH1520_AON_PM_PW_MODE_OFF));
>     177 
>     178         ret = th1520_aon_call_rpc(aon_chan, &msg);
>     179         if (ret)
>     180                 dev_err(aon_chan->cl.dev, "failed to power %s resource %d ret %d\n",
>     181                         power_on ? "up" : "off", rsrc, ret);
>     182 
>     183         return ret;
>     184 }
> 
> regards,
> dan carpenter
>