2019-06-04 10:19:39

by Peter Ujfalusi

Subject: [PATCH] irqchip: ti-sci-inta: Fix kernel crash if irq_create_fwspec_mapping fail

irq_create_fwspec_mapping() can fail, returning 0 as parent_virq. In this
case vint_desc is going to be NULL in ti_sci_inta_alloc_irq() which will
cause NULL pointer dereference.

Also note that irq_create_fwspec_mapping() returns 'unsigned int' so the
check '<=' was wrong.

Use -EINVAL if irq_create_fwspec_mapping() returned with 0.

Signed-off-by: Peter Ujfalusi <[email protected]>
---
drivers/irqchip/irq-ti-sci-inta.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/irqchip/irq-ti-sci-inta.c b/drivers/irqchip/irq-ti-sci-inta.c
index 011b60a49e3f..ef4d625d2d80 100644
--- a/drivers/irqchip/irq-ti-sci-inta.c
+++ b/drivers/irqchip/irq-ti-sci-inta.c
@@ -159,9 +159,9 @@ static struct ti_sci_inta_vint_desc *ti_sci_inta_alloc_parent_irq(struct irq_dom
parent_fwspec.param[1] = vint_desc->vint_id;

parent_virq = irq_create_fwspec_mapping(&parent_fwspec);
- if (parent_virq <= 0) {
+ if (parent_virq == 0) {
kfree(vint_desc);
- return ERR_PTR(parent_virq);
+ return ERR_PTR(-EINVAL);
}
vint_desc->parent_virq = parent_virq;
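Review bot: The new `return ERR_PTR(-EINVAL);` only closes the crash if the caller tests the result with IS_ERR() rather than a NULL check, and that caller is not part of this patch. The removed `ERR_PTR(parent_virq)` with a value of 0 evaluates to NULL, which IS_ERR() does not treat as an error, and that is how the failure slipped through to ti_sci_inta_alloc_irq(). Spelling out that mechanism in the commit message would help, and since this fixes a kernel crash, a Fixes: tag naming the commit that introduced the `<= 0` check would let stable trees pick it up.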

--
Peter

Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki.
Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki


2019-06-04 10:34:42

by Marc Zyngier

Subject: Re: [PATCH] irqchip: ti-sci-inta: Fix kernel crash if irq_create_fwspec_mapping fail

On 04/06/2019 11:17, Peter Ujfalusi wrote:
> irq_create_fwspec_mapping() can fail, returning 0 as parent_virq. In this
> case vint_desc is going to be NULL in ti_sci_inta_alloc_irq() which will
> cause NULL pointer dereference.
>
> Also note that irq_create_fwspec_mapping() returns 'unsigned int' so the
> check '<=' was wrong.
>
> Use -EINVAL if irq_create_fwspec_mapping() returned with 0.
>
> Signed-off-by: Peter Ujfalusi <[email protected]>
> ---
> drivers/irqchip/irq-ti-sci-inta.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/irqchip/irq-ti-sci-inta.c b/drivers/irqchip/irq-ti-sci-inta.c
> index 011b60a49e3f..ef4d625d2d80 100644
> --- a/drivers/irqchip/irq-ti-sci-inta.c
> +++ b/drivers/irqchip/irq-ti-sci-inta.c
> @@ -159,9 +159,9 @@ static struct ti_sci_inta_vint_desc *ti_sci_inta_alloc_parent_irq(struct irq_dom
> parent_fwspec.param[1] = vint_desc->vint_id;
>
> parent_virq = irq_create_fwspec_mapping(&parent_fwspec);
> - if (parent_virq <= 0) {
> + if (parent_virq == 0) {
> kfree(vint_desc);
> - return ERR_PTR(parent_virq);
> + return ERR_PTR(-EINVAL);
> }
> vint_desc->parent_virq = parent_virq;
>
>
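Review bot: The error branch under `if (parent_virq == 0)` releases only the descriptor with `kfree(vint_desc);`, while the context line `parent_fwspec.param[1] = vint_desc->vint_id;` shows that a vint id had already been assigned to it. If that id was reserved from a resource pool earlier in the function (not visible in this hunk), the failure path should hand it back as well, otherwise each failed mapping leaks one vint. Worth checking and, if needed, folding the release into this branch or a follow-up patch.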

Nice one. I've queued it as part of the stuff I need to send to Thomas
at the end of the week.

Thanks,

M.
--
Jazz is not dead. It just smells funny...