gpio: davinci: Validate the obtained number of IRQs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken
DT due to any error this value can be any. Without this value validation
there can be out of chips->irqs array boundaries access in
davinci_gpio_probe().

Validate the obtained nirq value so that it won't exceed the maximum
number of IRQs per bank.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: eb3744a2dd01 ("gpio: davinci: Do not assume continuous IRQ numbering")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Link: https://lore.kernel.org/r/20240618144344.16943-1-amishin@t-argos.ru
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>

authored by

Aleksandr Mishin and committed by

Bartosz Golaszewski 2 years ago 7aa9b96e bfc6444b

1 changed file

expand all

drivers

gpio

gpio-davinci.c

drivers/gpio/gpio-davinci.c

··· 225 225 else 226 226 nirq = DIV_ROUND_UP(ngpio, 16); 227 227 228 + if (nirq > MAX_INT_PER_BANK) { 229 + dev_err(dev, "Too many IRQs!\n"); 230 + return -EINVAL; 231 + } 232 + 228 233 chips = devm_kzalloc(dev, sizeof(*chips), GFP_KERNEL); 229 234 if (!chips) 230 235 return -ENOMEM;