[PATCH 3/4] mtd: rawnand: marvell: fix error handling of subop helpers

[miquel.raynal@xxxxxxxxxxx (Miquel Raynal)]

A report from Colin Ian King pointed a CoverityScan issue where error
values on these helpers where not checked in the drivers. These
helpers could error out only in case of a software bug in driver code,
not because of a runtime/hardware error but in any cases it is safer
to handle these errors properly.

Fix the Marvell NAND controller driver implementation by checking
potential negative error values.

Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver")
Cc: stable at vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal at bootlin.com>
---
 drivers/mtd/nand/raw/marvell_nand.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c
index 07b8a2677c10..1bb0cf6c945f 100644
--- a/drivers/mtd/nand/raw/marvell_nand.c
+++ b/drivers/mtd/nand/raw/marvell_nand.c
@@ -1554,6 +1554,9 @@ static int marvell_nfc_parse_instructions(struct nand_chip *chip,
 		const u8 *addrs;
 		int len = nand_subop_get_data_len(subop, op_id);
 
+		if (len < 0)
+			return -EINVAL;
+
 		instr = &subop->instrs[op_id];
 
 		switch (instr->type) {
@@ -1573,6 +1576,9 @@ static int marvell_nfc_parse_instructions(struct nand_chip *chip,
 		case NAND_OP_ADDR_INSTR:
 			offset = nand_subop_get_addr_start_off(subop, op_id);
 			naddrs = nand_subop_get_num_addr_cyc(subop, op_id);
+			if (offset < 0 || naddrs < 0)
+				return -EINVAL;
+
 			addrs = &instr->ctx.addr.addrs[offset];
 
 			nfc_op->ndcb[0] |= NDCB0_ADDR_CYC(naddrs);
@@ -1638,6 +1644,9 @@ static int marvell_nfc_xfer_data_pio(struct nand_chip *chip,
 	bool reading = (instr->type == NAND_OP_DATA_IN_INSTR);
 	int ret;
 
+	if (len < 0 || offset < 0)
+		return -EINVAL;
+
 	if (instr->ctx.data.force_8bit)
 		marvell_nfc_force_byte_access(chip, true);
 
-- 
2.14.1