[PATCH 1/8] of/irq: Fix wrong value of variable @len in of_irq_parse_imap_parent()

Zijun Hu posted 8 patches 1 year ago
[PATCH 1/8] of/irq: Fix wrong value of variable @len in of_irq_parse_imap_parent()
Posted by Zijun Hu 1 year ago
From: Zijun Hu <quic_zijuhu@quicinc.com>

Fix wrong @len value by 'len--' after 'imap++'
in of_irq_parse_imap_parent().

Fixes: 935df1bd40d4 ("of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw()")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
---
 drivers/of/irq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/of/irq.c b/drivers/of/irq.c
index 67fc0ceaa5f51c18c14f96f2bb9f82bcb66f890e..43cf60479b9e18eb0eec35f39c147deccd8fe8dd 100644
--- a/drivers/of/irq.c
+++ b/drivers/of/irq.c
@@ -111,6 +111,7 @@ const __be32 *of_irq_parse_imap_parent(const __be32 *imap, int len, struct of_ph
 	else
 		np = of_find_node_by_phandle(be32_to_cpup(imap));
 	imap++;
+	len--;
 
 	/* Check if not found */
 	if (!np) {
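Review bot: at `np = of_find_node_by_phandle(be32_to_cpup(imap));` the phandle cell is read before `len` is consulted anywhere in the visible context, so the added `len--` only covers the cells that follow it. If a caller can pass `len == 0`, that read is already outside the property and `len` then goes to -1. Consider rejecting `len < 1` before the dereference, or state in the commit message that callers guarantee at least one cell. The message would also be easier to review for stable if it named the later check that consumes `len` and what happens on a property that is one cell short, rather than only "Fix wrong @len value".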

-- 
2.34.1
Re: [PATCH 1/8] of/irq: Fix wrong value of variable @len in of_irq_parse_imap_parent()
Posted by Rob Herring 1 year ago
On Mon, Dec 09, 2024 at 09:24:59PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@quicinc.com>
> 
> Fix wrong @len value by 'len--' after 'imap++'
> in of_irq_parse_imap_parent().
> 
> Fixes: 935df1bd40d4 ("of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
> ---
>  drivers/of/irq.c | 1 +
>  1 file changed, 1 insertion(+)

Applied, but rewrote the commit message:

of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()

On a malformed interrupt-map property which is shorter than expected by 
1 cell, we may read bogus data past the end of the property instead of
returning an error in of_irq_parse_imap_parent().

Decrement the remaining length when skipping over the interrupt parent  
phandle cell.
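
A simplified user-space model of the length bookkeeping described in the rewritten commit message, added here as an illustration; it is not the kernel's code. The names `parse_parent`, `last_cell` and `count_phandle`, the fixed count of 3 cells after the phandle, and the sample cell values are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define SENTINEL 0xdeadbeefu  /* constructed marker for data outside the property */

/*
 * Hypothetical model, host-endian cells.
 * Assumed entry layout: [parent phandle][need cells of address + specifier].
 * 'len' is the number of cells left in the property, starting at 'imap'.
 * count_phandle = 0 models the stale length, 1 models the patched behaviour.
 * Returns 0 and fills out[] on success, -1 if the entry is truncated.
 */
static int parse_parent(const uint32_t *imap, int len, int need,
                        int count_phandle, uint32_t *out)
{
    imap++;                 /* skip the parent phandle cell */
    if (count_phandle)
        len--;              /* keep 'len' in step with the pointer */

    if (len < need)         /* malformed-property check */
        return -1;
    for (int i = 0; i < need; i++)
        out[i] = imap[i];
    return 0;
}

/* Constructed samples: short_prop claims 3 cells, the 4th lies outside it. */
static const uint32_t short_prop[4] = { 0x1, 0x10, 0x20, SENTINEL };
static const uint32_t full_prop[4]  = { 0x1, 0x10, 0x20, 0x30 };

/* Returns the last cell copied, or 0 if the parse was rejected. */
static uint32_t last_cell(const uint32_t *prop, int prop_len, int count_phandle)
{
    uint32_t out[3] = { 0 };
    if (parse_parent(prop, prop_len, 3, count_phandle, out) != 0)
        return 0;
    return out[2];
}

int main(void)
{
    /* The property is 3 cells long but the entry needs 1 + 3 cells. */
    printf("stale len:   0x%x\n", (unsigned)last_cell(short_prop, 3, 0));
    printf("updated len: 0x%x\n", (unsigned)last_cell(short_prop, 3, 1));
    return 0;
}
```

With the stale length the truncated property passes the check and the cell beyond its declared end is copied out; with the decrement the same input is rejected, and a well-formed property parses identically either way.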
Re: [PATCH 1/8] of/irq: Fix wrong value of variable @len in of_irq_parse_imap_parent()
Posted by Zijun Hu 1 year ago
On 2024/12/10 04:56, Rob Herring wrote:
> Applied, but rewrote the commit message:
> 
> of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
> 
> On a malformed interrupt-map property which is shorter than expected by 
> 1 cell, we may read bogus data past the end of the property instead of
> returning an error in of_irq_parse_imap_parent().
> 
> Decrement the remaining length when skipping over the interrupt parent  
> phandle cell.

Thank you, Rob, for these good corrections.