In DT path of translate callback, if fwspec->param_count==1 and of_node is non-null, fwspec->param[1] will be accessed, which is introduced from previous commit bcdd75c596c8 (irqchip/loongson-pch-pic: Add ACPI init support). Before the patch, for non-null of_node, translate callback (use irq_domain_translate_twocell) will return -EINVAL if fwspec->param_count < 2, so the check in the patch is added. Fixes: bcdd75c596c8 ("irqchip/loongson-pch-pic: Add ACPI init support") Signed-off-by: Jianmin Lv <lvjianmin@xxxxxxxxxxx> --- drivers/irqchip/irq-loongson-pch-pic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/irqchip/irq-loongson-pch-pic.c b/drivers/irqchip/irq-loongson-pch-pic.c index c01b9c257005..03493cda65a3 100644 --- a/drivers/irqchip/irq-loongson-pch-pic.c +++ b/drivers/irqchip/irq-loongson-pch-pic.c @@ -159,6 +159,9 @@ static int pch_pic_domain_translate(struct irq_domain *d, return -EINVAL; if (of_node) { + if (fwspec->param_count < 2) + return -EINVAL; + *hwirq = fwspec->param[0] + priv->ht_vec_base; *type = fwspec->param[1] & IRQ_TYPE_SENSE_MASK; } else { -- 2.31.1
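Review bot: the new `fwspec->param_count < 2` test covers only the `if (of_node)` branch, and the body of the `else` branch lies outside the context shown, so please confirm that the non-DT path either reads nothing beyond `fwspec->param[0]` or carries its own lower bound on `param_count`. Within the DT branch the placement is right: the test runs before `*type = fwspec->param[1] & IRQ_TYPE_SENSE_MASK;`, so a one-cell specifier is rejected with -EINVAL instead of having its type taken from a cell the firmware never supplied. A one-line comment above the check stating that DT specifiers must carry two cells (hwirq and trigger type), as irq_domain_translate_twocell required before bcdd75c596c8, would make the intent clear to later readers.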