From: Robert Baldyga <r.baldyga@samsung.com>
Date: Thu, 18 Sep 2014 15:13:07 +0000 (+0200)
Subject: dm: avoid dev->req_seq overflow
X-Git-Tag: KARO-TXA5-2015-06-26~640^2
X-Git-Url: https://git.kernelconcepts.de/?p=karo-tx-uboot.git;a=commitdiff_plain;h=cae025aab3e8ea8ad455cce8b0e4647401cdd091

dm: avoid dev->req_seq overflow

Since dev->req_seq value is initialized from "reg" property of fdt node,
there is posibility, that address value contained in fdt is greater than
INT_MAX, and then value in dev->req_seq is negative which led to probe()
fail.

This patch fix this problem by ensuring that req_seq is positive, unless
it's one of errno codes.

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>
---

diff --git a/drivers/core/device.c b/drivers/core/device.c
index ef41a9be3e..32e80e82b5 100644
--- a/drivers/core/device.c
+++ b/drivers/core/device.c
@@ -109,6 +109,8 @@ int device_bind(struct udevice *parent, struct driver *drv, const char *name,
 	dev->seq = -1;
 #ifdef CONFIG_OF_CONTROL
 	dev->req_seq = fdtdec_get_int(gd->fdt_blob, of_offset, "reg", -1);
+	if (!IS_ERR_VALUE(dev->req_seq))
+		dev->req_seq &= INT_MAX;
 	if (uc->uc_drv->name && of_offset != -1) {
 		fdtdec_get_alias_seq(gd->fdt_blob, uc->uc_drv->name, of_offset,
 				     &dev->req_seq);