From cae025aab3e8ea8ad455cce8b0e4647401cdd091 Mon Sep 17 00:00:00 2001
From: Robert Baldyga <r.baldyga@samsung.com>
Date: Thu, 18 Sep 2014 17:13:07 +0200
Subject: [PATCH] dm: avoid dev->req_seq overflow

Since the dev->req_seq value is initialized from the "reg" property of the fdt
node, there is a possibility that the address value contained in the fdt is
greater than INT_MAX, and then the value in dev->req_seq is negative, which led
to probe() failure.

This patch fixes this problem by ensuring that req_seq is positive, unless
it's one of the errno codes.

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>
---
 drivers/core/device.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/core/device.c b/drivers/core/device.c
index ef41a9be3ed..32e80e82b59 100644
--- a/drivers/core/device.c
+++ b/drivers/core/device.c
@@ -109,6 +109,8 @@ int device_bind(struct udevice *parent, struct driver *drv, const char *name,
 	dev->seq = -1;
 #ifdef CONFIG_OF_CONTROL
 	dev->req_seq = fdtdec_get_int(gd->fdt_blob, of_offset, "reg", -1);
+	if (!IS_ERR_VALUE(dev->req_seq))
+		dev->req_seq &= INT_MAX;
 	if (uc->uc_drv->name && of_offset != -1) {
 		fdtdec_get_alias_seq(gd->fdt_blob, uc->uc_drv->name, of_offset,
 				     &dev->req_seq);
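
Review bot: The mask in `dev->req_seq &= INT_MAX;` silently drops bit 31, so two nodes whose "reg" values differ only in that bit will request the same sequence number. Separately, a "reg" value that falls in the range `IS_ERR_VALUE()` treats as an errno is skipped by the guard and stays negative, which is the probe() failure the commit message sets out to avoid. The -1 default passed to `fdtdec_get_int()` is also indistinguishable from a real "reg" of 0xffffffff. Consider either a comment above the mask stating that req_seq is only a hint derived from the address and may alias, or treating any "reg" value that does not fit in a non-negative int as "no requested sequence" (-1) instead of folding it into the valid range.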
-- 
GitLab