author | Zhao Qiang <qiang.zhao@nxp.com> | 2016-01-21 09:06:04 +0800 |
---|---|---|
committer | Scott Wood <oss@buserror.net> | 2016-03-09 10:44:12 -0600 |
commit | c9ee69c5e2dc41e4153b3742db1f3dde856d539c (patch) | |
tree | 52599c2bc43b380d968e3e9b86286387c61e77d2 /drivers/soc | |
parent | ea6370d23c919127b2cd204af213223a89457477 (diff) | |
qe/ic: fix a buffer overflow error and add check elsewhere
127 is the theoretical upper bound of the QEIC number,
in fact there are only 44 qe_ic_info entries now.
Add a check against overflowing qe_ic_info.
Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
Acked-by: Li Yang <leoyang.li@nxp.com>
Signed-off-by: Scott Wood <oss@buserror.net>
Diffstat (limited to 'drivers/soc')
-rw-r--r-- | drivers/soc/fsl/qe/qe_ic.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/soc/fsl/qe/qe_ic.c b/drivers/soc/fsl/qe/qe_ic.c
index b77d01f..ec2ca86 100644
--- a/drivers/soc/fsl/qe/qe_ic.c
+++ b/drivers/soc/fsl/qe/qe_ic.c
@@ -259,6 +259,11 @@ static int qe_ic_host_map(struct irq_domain *h, unsigned int virq,
 struct qe_ic *qe_ic = h->host_data;
 struct irq_chip *chip;
+ if (hw >= ARRAY_SIZE(qe_ic_info)) {
+ pr_err("%s: Invalid hw irq number for QEIC\n", __func__);
+ return -EINVAL;
+ }
+
 if (qe_ic_info[hw].mask == 0) {
 printk(KERN_ERR "Can't map reserved IRQ\n");
 return -EINVAL;
@@ -407,7 +412,8 @@ int qe_ic_set_priority(unsigned int virq, unsigned int priority)
 if (priority > 8 || priority == 0)
 return -EINVAL;
- if (src > 127)
+ if (WARN_ONCE(src >= ARRAY_SIZE(qe_ic_info),
+ "%s: Invalid hw irq number for QEIC\n", __func__))
 return -EINVAL;
 if (qe_ic_info[src].pri_reg == 0)
 return -EINVAL;
@@ -436,6 +442,9 @@ int qe_ic_set_high_priority(unsigned int virq, unsigned int priority, int high)
 if (priority > 2 || priority == 0)
 return -EINVAL;
+ if (WARN_ONCE(src >= ARRAY_SIZE(qe_ic_info),
+ "%s: Invalid hw irq number for QEIC\n", __func__))
+ return -EINVAL;
 switch (qe_ic_info[src].pri_reg) {
 case QEIC_CIPZCC: |
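Review bot: The new bounds check in qe_ic_host_map() logs with pr_err() and drops the offending value, while the reserved-IRQ branch right below it still uses `printk(KERN_ERR ...)` and the two priority setters in this commit use WARN_ONCE() for the same condition. Printing the rejected number makes a bad interrupt specifier much easier to trace, e.g. `pr_err("%s: Invalid hw irq number %lu for QEIC\n", __func__, hw);`, with the specifier matched to hw's type, which is declared on a signature line outside this hunk. A one-line comment above the check, such as `/* hw indexes qe_ic_info[]; reject it before the table lookup below */`, would also record why the test has to come first. The function body continues outside the hunk.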
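Review bot: The WARN_ONCE() guard added in qe_ic_set_priority() is repeated verbatim in the qe_ic_set_high_priority() hunk, and both treat an out-of-range src as a kernel bug, whereas qe_ic_host_map() reports the same condition with a plain pr_err(). On systems running with panic_on_warn a WARN is fatal, so it is worth confirming that src (computed from virq outside these hunks) can never be out of range because of platform-supplied data; if it can, `pr_err_ratelimited()` plus `return -EINVAL` is the safer response. Either way the duplicated test would read better as one small static helper, for example `static bool qe_ic_src_valid(unsigned int src)`, called from both setters. Both function bodies start and end outside their hunks.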