提交 44a08de2 编写于 作者: A Andreas Herrmann 提交者: Will Deacon

iommu/arm-smmu: Check for num_context_irqs > 0 to avoid divide by zero exception

With the right (or wrong;-) definition of v1 SMMU node in DTB it is
possible to trigger a division by zero in arm_smmu_init_domain_context
(if number of context irqs is 0):

       if (smmu->version == 1) {
               root_cfg->irptndx = atomic_inc_return(&smmu->irptndx);
 =>            root_cfg->irptndx %= smmu->num_context_irqs;
       } else {

Avoid this by checking for num_context_irqs > 0 when probing
for SMMU devices.
Signed-off-by: NAndreas Herrmann <andreas.herrmann@calxeda.com>
[will: changed to dev_err on probe failure path]
Signed-off-by: NWill Deacon <will.deacon@arm.com>
上级 c55af7f7
...@@ -1798,12 +1798,11 @@ static int arm_smmu_device_dt_probe(struct platform_device *pdev) ...@@ -1798,12 +1798,11 @@ static int arm_smmu_device_dt_probe(struct platform_device *pdev)
smmu->num_context_irqs++; smmu->num_context_irqs++;
} }
if (num_irqs < smmu->num_global_irqs) { if (!smmu->num_context_irqs) {
dev_warn(dev, "found %d interrupts but expected at least %d\n", dev_err(dev, "found %d interrupts but expected at least %d\n",
num_irqs, smmu->num_global_irqs); num_irqs, smmu->num_global_irqs + 1);
smmu->num_global_irqs = num_irqs; return -ENODEV;
} }
smmu->num_context_irqs = num_irqs - smmu->num_global_irqs;
smmu->irqs = devm_kzalloc(dev, sizeof(*smmu->irqs) * num_irqs, smmu->irqs = devm_kzalloc(dev, sizeof(*smmu->irqs) * num_irqs,
GFP_KERNEL); GFP_KERNEL);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册