The size of each hwid in a cpu nodes 'reg' property is defined by the
parents #address-cells property in the normal way. The cpu parsing code
has a bug where it will overrun the end of the property if
address-cells is greater than one. This commit fixes the problem by
adjusting the array size by the number of address cells. It also makes
sure address-cells isn't zero for that would cause an infinite loop.
v2: bail if #address-cells is zero instead of forcing to
OF_ROOT_NODE_ADDR_CELLS_DEFAULT. Forcing it will cause the reg
property to be parsed incorrectly.
Signed-off-by: Grant Likely <grant.likely@xxxxxxxxxx>
Cc: Rob Herring <rob.herring@xxxxxxxxxxx>
Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
---
drivers/of/base.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/of/base.c b/drivers/of/base.c
index 15c4b59..a96f850 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -272,9 +272,9 @@ static bool __of_find_n_match_cpu_property(struct device_node *cpun,
ac = of_n_addr_cells(cpun);
cell = of_get_property(cpun, prop_name, &prop_len);
- if (!cell)
+ if (!cell || !ac)
return false;
- prop_len /= sizeof(*cell);
+ prop_len /= sizeof(*cell) * ac;
for (tid = 0; tid < prop_len; tid++) {
hwid = of_read_number(cell, ac);
if (arch_match_cpu_phys_id(cpu, hwid)) {
--
1.8.1.2
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
