[PATCH 1/2] power: regulator: gpio-regulator: protect count value
Update the size of states_array to avoid overflow for dev_pdata->voltages[j] and dev_pdata->states[j].
As the size of array is GPIO_REGULATOR_MAX_STATES, the size of states_array is limited by GPIO_REGULATOR_MAX_STATES * 2 = 4 instead of 8 previously.
The value of the "count" variable is limited by the third parameter of fdtdec_get_int_array_count.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com ---
drivers/power/regulator/gpio-regulator.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/power/regulator/gpio-regulator.c b/drivers/power/regulator/gpio-regulator.c index 947f812d09..017a3644fe 100644 --- a/drivers/power/regulator/gpio-regulator.c +++ b/drivers/power/regulator/gpio-regulator.c @@ -35,7 +35,7 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev) const void *blob = gd->fdt_blob; int node = dev_of_offset(dev); int ret, count, i, j; - u32 states_array[8]; + u32 states_array[GPIO_REGULATOR_MAX_STATES * 2];
dev_pdata = dev_get_platdata(dev); uc_pdata = dev_get_uclass_platdata(dev); @@ -58,7 +58,8 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev) debug("regulator gpio - not found! Error: %d", ret);
count = fdtdec_get_int_array_count(blob, node, "states", - states_array, 8); + states_array, + ARRAY_SIZE(states_array));
if (!count) return -EINVAL;
Use ofnode_ or dev_ APIs instead of fdt_ and fdtdec_ APIs so that the driver can support live DT.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com ---
drivers/power/regulator/gpio-regulator.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/power/regulator/gpio-regulator.c b/drivers/power/regulator/gpio-regulator.c index 017a3644fe..28c9e222e2 100644 --- a/drivers/power/regulator/gpio-regulator.c +++ b/drivers/power/regulator/gpio-regulator.c @@ -18,8 +18,6 @@
#define GPIO_REGULATOR_MAX_STATES 2
-DECLARE_GLOBAL_DATA_PTR; - struct gpio_regulator_platdata { struct regulator_common_platdata common; struct gpio_desc gpio; /* GPIO for regulator voltage control */ @@ -32,8 +30,6 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev) struct dm_regulator_uclass_platdata *uc_pdata; struct gpio_regulator_platdata *dev_pdata; struct gpio_desc *gpio; - const void *blob = gd->fdt_blob; - int node = dev_of_offset(dev); int ret, count, i, j; u32 states_array[GPIO_REGULATOR_MAX_STATES * 2];
@@ -57,12 +53,20 @@ static int gpio_regulator_ofdata_to_platdata(struct udevice *dev) if (ret) debug("regulator gpio - not found! Error: %d", ret);
- count = fdtdec_get_int_array_count(blob, node, "states", - states_array, - ARRAY_SIZE(states_array)); + ret = dev_read_size(dev, "states"); + if (ret < 0) + return ret;
- if (!count) - return -EINVAL; + count = ret / sizeof(states_array[0]); + if (count > ARRAY_SIZE(states_array)) { + debug("regulator gpio - to many states (%d > %d)", + count / 2, GPIO_REGULATOR_MAX_STATES); + count = ARRAY_SIZE(states_array); + } + + ret = dev_read_u32_array(dev, "states", states_array, count); + if (ret < 0) + return ret;
for (i = 0, j = 0; i < count; i += 2) { dev_pdata->voltages[j] = states_array[i];
On Thu, 10 Sep 2020 at 10:18, Patrick Delaunay patrick.delaunay@st.com wrote:
Use ofnode_ or dev_ APIs instead of fdt_ and fdtdec_ APIs so that the driver can support live DT.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com
drivers/power/regulator/gpio-regulator.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
On Thu, Sep 10, 2020 at 06:18:17PM +0200, Patrick Delaunay wrote:
Use ofnode_ or dev_ APIs instead of fdt_ and fdtdec_ APIs so that the driver can support live DT.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!
On Thu, 10 Sep 2020 at 10:18, Patrick Delaunay patrick.delaunay@st.com wrote:
Update the size of states_array to avoid overflow for dev_pdata->voltages[j] and dev_pdata->states[j].
As the size of array is GPIO_REGULATOR_MAX_STATES, the size of states_array is limited by GPIO_REGULATOR_MAX_STATES * 2 = 4 instead of 8 previously.
The value of the "count" variable is limited by the third parameter of fdtdec_get_int_array_count.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com
drivers/power/regulator/gpio-regulator.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
On Thu, Sep 10, 2020 at 06:18:16PM +0200, Patrick Delaunay wrote:
Update the size of states_array to avoid overflow for dev_pdata->voltages[j] and dev_pdata->states[j].
As the size of array is GPIO_REGULATOR_MAX_STATES, the size of states_array is limited by GPIO_REGULATOR_MAX_STATES * 2 = 4 instead of 8 previously.
The value of the "count" variable is limited by the third parameter of fdtdec_get_int_array_count.
Signed-off-by: Patrick Delaunay patrick.delaunay@st.com Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!
participants (3)
-
Patrick Delaunay -
Simon Glass -
Tom Rini