From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: Linus Walleij <linus.walleij@linaro.org>,
"open list:GPIO SUBSYSTEM" <linux-gpio@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
Date: Mon, 7 Mar 2022 12:23:56 +0200 [thread overview]
Message-ID: <YiXdPLGR3EVryJyB@smile.fi.intel.com> (raw)
In-Reply-To: <CAMRc=McRVSjiWxaDz0G5pWn7JxMXUV-b8VoUfvsLhc-iZSk4oQ@mail.gmail.com>
On Mon, Mar 07, 2022 at 11:08:51AM +0100, Bartosz Golaszewski wrote:
> On Mon, Mar 7, 2022 at 10:53 AM Andy Shevchenko
> <andriy.shevchenko@linux.intel.com> wrote:
> > On Mon, Mar 07, 2022 at 12:23:03AM +0200, Andy Shevchenko wrote:
> > > On Mon, Mar 7, 2022 at 12:19 AM Andy Shevchenko
> > > <andy.shevchenko@gmail.com> wrote:
> > > > On Mon, Mar 7, 2022 at 12:11 AM Bartosz Golaszewski <brgl@bgdev.pl> wrote:
> > > > > The ngpio fields both in struct gpio_device as well as gpio_chip are
> > > > > 16-bit unsigned integers. Let's not risk an overflow and check if the
> > > > > property value represented as a 32-bit unsigned integer is not greater
> > > > > than U16_MAX.
> > > >
> > > > ...
> > > >
> > > > > + if (ngpios > U16_MAX) {
> > > > > + ret = EINVAL;
> > > > > + goto err_free_descs;
> > > > > + }
> > > >
> > > > I don't think it's a fatal error in this case. I would perhaps print a
> > > > warning and simply use a masked (which is done implicitly by an
> > > > assignment of the different type) value. Note, the above is buggy on
> > > > the buggy DTs, where the upper part of the value is not used. After
> > > > this patch you effectively make a regression on, yes, broken DTs.
> > >
> > > Like
> > >
> > > if (ngpios > U16_MAX)
> > > chip_warn(gc, "line cnt %u is greater than supported; use
> > > %u\n", ngpios, (u16)ngpio);
> >
> > Or to be on safer side move this after == 0 check as
> >
> > if (gc->ngpio != ngpios)
> > chip_warn(gc, "line cnt %u is greater than supported; use %u\n", ngpios, gc->ngpio);
> >
>
> ngpios is not necessarily used so this check must be in the scope of
> the device property read (inside the if (gc->ngpio == 0) { block).
Can be done as
if (gc->ngpio == 0) {
...
} else {
ngpios = gc->ngpio;
}
if (gc->ngpio == 0) {
...
}
if (gc->ngpio != ngpios)
chip_warn(gc, "line cnt %u is greater than supported; use %u\n", ngpios, gc->ngpio);
The point of this exercise is to avoid hard coded type of the variable in a
few places, so if gc->ngpio and/or ngpios have changed type in the future,
you don't need to change this code.
--
With Best Regards,
Andy Shevchenko
prev parent reply other threads:[~2022-03-07 11:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-06 19:34 [PATCH] gpiolib: check for overflow when reading the 'ngpios' property Bartosz Golaszewski
2022-03-06 22:19 ` Andy Shevchenko
2022-03-06 22:23 ` Andy Shevchenko
2022-03-07 9:53 ` Andy Shevchenko
2022-03-07 10:08 ` Bartosz Golaszewski
2022-03-07 10:23 ` Andy Shevchenko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YiXdPLGR3EVryJyB@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=brgl@bgdev.pl \
--cc=linus.walleij@linaro.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.