Unverified Commit 3f05010f authored Jun 20, 2022 by Aidan MacDonald Committed by Mark Brown Jun 22, 2022

regmap-irq: Fix offset/index mismatch in read_sub_irq_data()

We need to divide the sub-irq status register offset by register
stride to get an index for the status buffer to avoid an out of
bounds write when the register stride is greater than 1.

Fixes: a2d21848 ("regmap: regmap-irq: Add main status register support")
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Link: https://lore.kernel.org/r/20220620200644.1961936-3-aidanmacdonald.0x0@gmail.com

Signed-off-by: Mark Brown <broonie@kernel.org>

parent 485037ae

drivers/base/regmap/regmap-irq.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -387,6 +387,7 @@ static inline int read_sub_irq_data(struct regmap_irq_chip_data *data,
		subreg = &chip->sub_reg_offsets[b];
		for (i = 0; i < subreg->num_regs; i++) {
		unsigned int offset = subreg->offset[i];
		unsigned int index = offset / map->reg_stride;

		if (chip->not_fixed_stride)
		ret = regmap_read(map,
		@@ -395,7 +396,7 @@ static inline int read_sub_irq_data(struct regmap_irq_chip_data *data,
		else
		ret = regmap_read(map,
		chip->status_base + offset,
		&data->status_buf[offset]);
		&data->status_buf[index]);

		if (ret)
		break;