On 14/02/2019 02:36, Brian Masney wrote: > SSBI GPIOs are numbered 1..ngpio, so the boundary check in > pm8xxx_domain_translate() is off by one. This patch corrects that check. > > Signed-off-by: Brian Masney <masneyb@xxxxxxxxxxxxx> > --- > Originally found by Bjorn Andersson in spmi-gpio. > > Linus: For your ib-qcom-ssbi branch. > > drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c > index 84a232450000..10575d6e2ba5 100644 > --- a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c > +++ b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c > @@ -710,7 +710,8 @@ static int pm8xxx_domain_translate(struct irq_domain *domain, > struct pm8xxx_gpio *pctrl = container_of(domain->host_data, > struct pm8xxx_gpio, chip); > > - if (fwspec->param_count != 2 || fwspec->param[0] >= pctrl->chip.ngpio) > + if (fwspec->param_count != 2 || fwspec->param[0] < 1 || > + fwspec->param[0] > pctrl->chip.ngpio) > return -EINVAL; > > *hwirq = fwspec->param[0] - PM8XXX_GPIO_PHYSICAL_OFFSET; I would write (using the wrap-around behavior for unsigned int) if (fwspec->param_count != 2 || fwspec->param[0] - 1 >= pctrl->chip.ngpio) return -EINVAL; Regards.