Message ID | 1453338364-45129-1-git-send-email-qiang.zhao@nxp.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Scott Wood |
Headers | show |
On Thu, Jan 21, 2016 at 9:06 AM, Zhao Qiang <qiang.zhao@nxp.com> wrote: > 127 is the theoretical up boundary of QEIC number, > in fact there only be 44 qe_ic_info now. > add check to overflow for qe_ic_info > > Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> Acked-by: Li Yang <leoyang.li@nxp.com> Regards, Leo
On Thu, 21 Jan 2016, Zhao Qiang wrote: > 127 is the theoretical up boundary of QEIC number, > in fact there only be 44 qe_ic_info now. > add check to overflow for qe_ic_info How do you trigger that overflow? The above does not explain WHY we need these checks. > diff --git a/drivers/soc/fsl/qe/qe_ic.c b/drivers/soc/fsl/qe/qe_ic.c > index 5419527..90c00b7 100644 > --- a/drivers/soc/fsl/qe/qe_ic.c > +++ b/drivers/soc/fsl/qe/qe_ic.c Sigh. Another dump ground for SOC stuff? irq chip drivers belong into drivers/irqchip. Thanks, tglx
On Tue, 2016-01-26 at 18:31 +0100, Thomas Gleixner wrote: > On Thu, 21 Jan 2016, Zhao Qiang wrote: > > > 127 is the theoretical up boundary of QEIC number, > > in fact there only be 44 qe_ic_info now. > > add check to overflow for qe_ic_info > > How do you trigger that overflow? The above does not explain WHY we need > these > checks. The check in qe_ic_host_map can be triggered by bad data in a device tree. The set_priority functions do not appear to be used at all. > > > diff --git a/drivers/soc/fsl/qe/qe_ic.c b/drivers/soc/fsl/qe/qe_ic.c > > index 5419527..90c00b7 100644 > > --- a/drivers/soc/fsl/qe/qe_ic.c > > +++ b/drivers/soc/fsl/qe/qe_ic.c > > Sigh. Another dump ground for SOC stuff? Another? Where are the others, besides arch? > irq chip drivers belong into drivers/irqchip. Yes. This stuff was recently moved out of arch/powerpc to work toward being able to use it on ARM. I'm expecting followup patches to move things like this that belong elsewhere. -Scott
diff --git a/drivers/soc/fsl/qe/qe_ic.c b/drivers/soc/fsl/qe/qe_ic.c index 5419527..90c00b7 100644 --- a/drivers/soc/fsl/qe/qe_ic.c +++ b/drivers/soc/fsl/qe/qe_ic.c @@ -261,6 +261,11 @@ static int qe_ic_host_map(struct irq_domain *h, unsigned int virq, struct qe_ic *qe_ic = h->host_data; struct irq_chip *chip; + if (hw >= ARRAY_SIZE(qe_ic_info)) { + pr_err("%s: Invalid hw irq number for QEIC\n", __func__); + return -EINVAL; + } + if (qe_ic_info[hw].mask == 0) { printk(KERN_ERR "Can't map reserved IRQ\n"); return -EINVAL; @@ -409,7 +414,8 @@ int qe_ic_set_priority(unsigned int virq, unsigned int priority) if (priority > 8 || priority == 0) return -EINVAL; - if (src > 127) + if (WARN_ONCE(src >= ARRAY_SIZE(qe_ic_info), + "%s: Invalid hw irq number for QEIC\n", __func__)) return -EINVAL; if (qe_ic_info[src].pri_reg == 0) return -EINVAL; @@ -438,6 +444,9 @@ int qe_ic_set_high_priority(unsigned int virq, unsigned int priority, int high) if (priority > 2 || priority == 0) return -EINVAL; + if (WARN_ONCE(src >= ARRAY_SIZE(qe_ic_info), + "%s: Invalid hw irq number for QEIC\n", __func__)) + return -EINVAL; switch (qe_ic_info[src].pri_reg) { case QEIC_CIPZCC:
127 is the theoretical up boundary of QEIC number, in fact there only be 44 qe_ic_info now. add check to overflow for qe_ic_info Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com> --- drivers/soc/fsl/qe/qe_ic.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)