[PATCH 3/3] pinctrl: single: fix infinite loop caused by bad mask
From: Tomi Valkeinen
Date: Thu Nov 28 2013 - 06:29:52 EST
If the masks in DT data are not quite right,
pcs_parse_bits_in_pinctrl_entry() can end up in an infinite loop,
trashing memory at the same time.
Add a check to verify that each loop actually removes bits from the
'mask', so that the loop can eventually end.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@xxxxxx>
---
drivers/pinctrl/pinctrl-single.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
index 174f4c50cd77..de6459628b4f 100644
--- a/drivers/pinctrl/pinctrl-single.c
+++ b/drivers/pinctrl/pinctrl-single.c
@@ -1318,6 +1318,14 @@ static int pcs_parse_bits_in_pinctrl_entry(struct pcs_device *pcs,
mask_pos = ((pcs->fmask) << (bit_pos - 1));
val_pos = val & mask_pos;
submask = mask & mask_pos;
+
+ if ((mask & mask_pos) == 0) {
+ dev_err(pcs->dev,
+ "Invalid mask for %s at 0x%x\n",
+ np->name, offset);
+ break;
+ }
+
mask &= ~mask_pos;
if (submask != mask_pos) {
--
1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/