>-----Original Message----- >From: Krzysztof Kozlowski [mailto:krzysztof.kozlowski@xxxxxxxxxxxxx] >Sent: Sunday, February 20, 2022 4:08 PM >To: Daniel Lezcano <daniel.lezcano@xxxxxxxxxx>; Thomas Gleixner ><tglx@xxxxxxxxxxxxx>; Krzysztof Kozlowski ><krzysztof.kozlowski@xxxxxxxxxxxxx>; Alim Akhtar ><alim.akhtar@xxxxxxxxxxx>; Thomas Abraham ><thomas.abraham@xxxxxxxxxx>; Stephen Warren <swarren@xxxxxxxxxx>; >Kukjin Kim <kgene.kim@xxxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; linux- >arm-kernel@xxxxxxxxxxxxxxxxxxx; linux-samsung-soc@xxxxxxxxxxxxxxx >Subject: [PATCH] clocksource/drivers/exynos_mct: Handle DTS with higher >number of interrupts > >The driver statically defines maximum number of interrupts it can handle, >however it does not respect that limit when configuring them. >When provided with a DTS with more interrupts than assumed, the driver will >overwrite static array mct_irqs leading to silent memory corruption. > >Validate the interrupts coming from DTS to avoid this. This does not change >the fact that such DTS might not boot at all, because it is simply incompatible, >however at least some warning will be printed. > >Fixes: 36ba5d527e95 ("ARM: EXYNOS: add device tree support for MCT >controller driver") >Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx> >--- Thanks, good to have this check. Reviewed-by: Alim Akhtar <alim.akhtar@xxxxxxxxxxx> > drivers/clocksource/exynos_mct.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > >diff --git a/drivers/clocksource/exynos_mct.c >b/drivers/clocksource/exynos_mct.c >index 6db3d5511b0f..03782b399ea1 100644 >--- a/drivers/clocksource/exynos_mct.c >+++ b/drivers/clocksource/exynos_mct.c >@@ -541,6 +541,11 @@ static int __init exynos4_timer_interrupts(struct >device_node *np, > * irqs are specified. > */ > nr_irqs = of_irq_count(np); >+ if (nr_irqs > ARRAY_SIZE(mct_irqs)) { >+ pr_err("exynos-mct: too many (%d) interrupts configured in >DT\n", >+ nr_irqs); >+ nr_irqs = ARRAY_SIZE(mct_irqs); >+ } > for (i = MCT_L0_IRQ; i < nr_irqs; i++) > mct_irqs[i] = irq_of_parse_and_map(np, i); > >@@ -553,11 +558,14 @@ static int __init exynos4_timer_interrupts(struct >device_node *np, > mct_irqs[MCT_L0_IRQ], err); > } else { > for_each_possible_cpu(cpu) { >- int mct_irq = mct_irqs[MCT_L0_IRQ + cpu]; >+ int mct_irq; > struct mct_clock_event_device *pcpu_mevt = > per_cpu_ptr(&percpu_mct_tick, cpu); > > pcpu_mevt->evt.irq = -1; >+ if (MCT_L0_IRQ + cpu >= ARRAY_SIZE(mct_irqs)) >+ break; >+ mct_irq = mct_irqs[MCT_L0_IRQ + cpu]; > > irq_set_status_flags(mct_irq, IRQ_NOAUTOEN); > if (request_irq(mct_irq, >-- >2.32.0
