| Message ID | 20210323131002.2418896-1-arnd@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | pinctrl: microchip: fix array overflow | expand |
On Tue, Mar 23, 2021 at 2:10 PM Arnd Bergmann <arnd@kernel.org> wrote: > From: Arnd Bergmann <arnd@arndb.de> > > Building with 'make W=1' shows an array overflow: > > drivers/pinctrl/pinctrl-microchip-sgpio.c: In function 'microchip_sgpio_irq_settype': > drivers/pinctrl/pinctrl-microchip-sgpio.c:154:39: error: array subscript 10 is above array bounds of 'const u8[10]' {aka 'const unsigned char[10]'} [-Werror=array-bounds] > 154 | u32 regoff = priv->properties->regoff[rno] + off; > | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~ > drivers/pinctrl/pinctrl-microchip-sgpio.c:55:5: note: while referencing 'regoff' > 55 | u8 regoff[MAXREG]; > | ^~~~~~ > > It's not clear to me what was meant here, my best guess is that the > offset should have been applied to the third argument instead of the > second. > > Fixes: be2dc859abd4 ("pinctrl: pinctrl-microchip-sgpio: Add irq support (for sparx5)") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> Patch applied. Yours, Linus Walleij
Linus Walleij writes: > On Tue, Mar 23, 2021 at 2:10 PM Arnd Bergmann <arnd@kernel.org> wrote: > >> From: Arnd Bergmann <arnd@arndb.de> >> >> Building with 'make W=1' shows an array overflow: >> >> drivers/pinctrl/pinctrl-microchip-sgpio.c: In function 'microchip_sgpio_irq_settype': >> drivers/pinctrl/pinctrl-microchip-sgpio.c:154:39: error: array subscript 10 is above array bounds of 'const u8[10]' {aka 'const unsigned char[10]'} [-Werror=array-bounds] >> 154 | u32 regoff = priv->properties->regoff[rno] + off; >> | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~ >> drivers/pinctrl/pinctrl-microchip-sgpio.c:55:5: note: while referencing 'regoff' >> 55 | u8 regoff[MAXREG]; >> | ^~~~~~ >> >> It's not clear to me what was meant here, my best guess is that the >> offset should have been applied to the third argument instead of the >> second. >> >> Fixes: be2dc859abd4 ("pinctrl: pinctrl-microchip-sgpio: Add irq support (for sparx5)") >> Signed-off-by: Arnd Bergmann <arnd@arndb.de> > > Patch applied. > > Yours, > Linus Walleij I don't understand - I submitted a fix for this already in February (reported by Gustavo). It took some time for you to get it ack'ed - but you did (Feb 1st). Did it end up getting dropped? ---Lars -- Lars Povlsen, Microchip
On Sun, Mar 28, 2021 at 7:18 PM Lars Povlsen <lars.povlsen@microchip.com> wrote: > Linus Walleij writes: > > > On Tue, Mar 23, 2021 at 2:10 PM Arnd Bergmann <arnd@kernel.org> wrote: > > > >> From: Arnd Bergmann <arnd@arndb.de> > >> > >> Building with 'make W=1' shows an array overflow: > >> > >> drivers/pinctrl/pinctrl-microchip-sgpio.c: In function 'microchip_sgpio_irq_settype': > >> drivers/pinctrl/pinctrl-microchip-sgpio.c:154:39: error: array subscript 10 is above array bounds of 'const u8[10]' {aka 'const unsigned char[10]'} [-Werror=array-bounds] > >> 154 | u32 regoff = priv->properties->regoff[rno] + off; > >> | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~ > >> drivers/pinctrl/pinctrl-microchip-sgpio.c:55:5: note: while referencing 'regoff' > >> 55 | u8 regoff[MAXREG]; > >> | ^~~~~~ > >> > >> It's not clear to me what was meant here, my best guess is that the > >> offset should have been applied to the third argument instead of the > >> second. > >> > >> Fixes: be2dc859abd4 ("pinctrl: pinctrl-microchip-sgpio: Add irq support (for sparx5)") > >> Signed-off-by: Arnd Bergmann <arnd@arndb.de> > > > > Patch applied. > > > > Yours, > > Linus Walleij > > I don't understand - I submitted a fix for this already in February > (reported by Gustavo). It took some time for you to get it ack'ed - but > you did (Feb 1st). > > Did it end up getting dropped? No I ended up with your fix in fixes, then forgot about it and applied Arnds fix to devel (for-next) and ended up getting a conflict in my face. Last night I rebased devel, dropped Arnds patch and thus solved the conflict. Yours, Linus Walleij
diff --git a/drivers/pinctrl/pinctrl-microchip-sgpio.c b/drivers/pinctrl/pinctrl-microchip-sgpio.c index f35edb0eac40..4740613cdd03 100644 --- a/drivers/pinctrl/pinctrl-microchip-sgpio.c +++ b/drivers/pinctrl/pinctrl-microchip-sgpio.c @@ -572,7 +572,7 @@ static void microchip_sgpio_irq_settype(struct irq_data *data, /* Type value spread over 2 registers sets: low, high bit */ sgpio_clrsetbits(bank->priv, REG_INT_TRIGGER, addr.bit, BIT(addr.port), (!!(type & 0x1)) << addr.port); - sgpio_clrsetbits(bank->priv, REG_INT_TRIGGER + SGPIO_MAX_BITS, addr.bit, + sgpio_clrsetbits(bank->priv, REG_INT_TRIGGER, addr.bit + SGPIO_MAX_BITS, BIT(addr.port), (!!(type & 0x2)) << addr.port); if (type == SGPIO_INT_TRG_LEVEL)