| Message ID | 20220305154256.278394-1-brgl@bgdev.pl |
|---|---|
| State | New |
| Headers | show |
| Series | gpiolib: fix the size of the ngpios variable | expand |
On Sat, Mar 5, 2022 at 10:14 PM Bartosz Golaszewski <brgl@bgdev.pl> wrote: > > The ngpio fields both in struct gpio_device as well as gpio_chip are > 16 bit unsigned integers. Let's not risk an overflow and use the correct > size when reading the device property. ... > - ret = device_property_read_u32(&gdev->dev, "ngpios", &ngpios); > + ret = device_property_read_u16(&gdev->dev, "ngpios", &ngpios); AFAIU DT format you may not do this. The property is ABI-like and it's 32-bit (BE!). Reading as u16 will bring you 2 MSB (bytes) out of 4 from the 32-bit value.
On Sat, Mar 5, 2022 at 10:27 PM Andy Shevchenko <andy.shevchenko@gmail.com> wrote: > > On Sat, Mar 5, 2022 at 10:14 PM Bartosz Golaszewski <brgl@bgdev.pl> wrote: > > > > The ngpio fields both in struct gpio_device as well as gpio_chip are > > 16 bit unsigned integers. Let's not risk an overflow and use the correct > > size when reading the device property. > > ... > > > - ret = device_property_read_u32(&gdev->dev, "ngpios", &ngpios); > > + ret = device_property_read_u16(&gdev->dev, "ngpios", &ngpios); > > AFAIU DT format you may not do this. The property is ABI-like and it's > 32-bit (BE!). Reading as u16 will bring you 2 MSB (bytes) out of 4 > from the 32-bit value. > Ah right. It's not very obvious from the docs but the DT syntax must be different for 16 bits. In that case our best shot is to read a 32-bit unsigned integer and check if its value doesn't exceed UINT16_MAX. Bart
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index a3d14277f17c..147b86db16aa 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -607,7 +607,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data, int base = gc->base; unsigned int i; int ret = 0; - u32 ngpios; + u16 ngpios; if (gc->fwnode) fwnode = gc->fwnode; @@ -665,7 +665,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data, * of GPIO lines. */ if (gc->ngpio == 0) { - ret = device_property_read_u32(&gdev->dev, "ngpios", &ngpios); + ret = device_property_read_u16(&gdev->dev, "ngpios", &ngpios); if (ret == -ENODATA) /* * -ENODATA means that there is no property found and
The ngpio fields both in struct gpio_device as well as gpio_chip are 16 bit unsigned integers. Let's not risk an overflow and use the correct size when reading the device property. Fixes: 9dbd1ab20509 ("gpiolib: check the 'ngpios' property in core gpiolib code") Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl> --- drivers/gpio/gpiolib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)