diff options
| author | Yu-Ping Wu <yupingso@chromium.org> | 2024-11-01 11:15:19 +0800 |
|---|---|---|
| committer | Yu-Ping Wu <yupingso@google.com> | 2024-11-04 00:09:03 +0000 |
| commit | 4873b6bc7a35a36fcd2a850b2c0b3f6e421d440c (patch) | |
| tree | a851fc92df0aab66f25a2d70f7c1d628c4ab44a4 /src/soc/mediatek | |
| parent | cb11ad06c205ce33477204ef56de177ef9277432 (diff) | |
soc/mediatek/mt8188/spi: Fix out-of-bound array access for pad_funcs
The size of the inner array of the 2-dimensional array pad_funcs should
be 4 instead of SPI_BUS_NUMBER (6). This bug leads to two extra
gpio_set_mode() calls with unexpected GPIOs.
Inspecting spi.o, the data immediately after the .rodata.pad_funcs
section is .rodata.spi_ctrlr_bus_map, with the following data:
00000428 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00
00000438 00 00 00 00 00 00 00 00 ...
This is equivalent to the following calls:
gpio_set_mode(GPIO(GPIO05), 0);
gpio_set_mode(GPIO(GPIO00), 0);
The second call is already included in the pad_funcs array, so the first
call is the only practical impact of this bug.
Change-Id: I9c44f09b3cdadbbf039b95efca7144f213672092
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/84950
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yidi Lin <yidilin@google.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Diffstat (limited to 'src/soc/mediatek')
| -rw-r--r-- | src/soc/mediatek/mt8188/spi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/soc/mediatek/mt8188/spi.c b/src/soc/mediatek/mt8188/spi.c index 994663d02c..66fbf0f373 100644 --- a/src/soc/mediatek/mt8188/spi.c +++ b/src/soc/mediatek/mt8188/spi.c @@ -114,7 +114,7 @@ void mtk_spi_set_gpio_pinmux(unsigned int bus, enum spi_pad_mask pad_select) ptr = pad_funcs[bus]; - for (unsigned int i = 0; i < SPI_BUS_NUMBER; i++) + for (unsigned int i = 0; i < ARRAY_SIZE(pad_funcs[0]); i++) gpio_set_mode(ptr[i].gpio, ptr[i].func); } |