The code currently organized in a way that num_chipselect is overwritten
each time we call spi_get_gpio_descs(). It might be potentially dangerous
in case when the gpiod_count() returns an error code.
Note, that gpiod_count() never returns 0, take this into account as well.
Fixes: f3186dd87669 ("spi: Optionally use GPIO descriptors for CS GPIOs")
Signed-off-by: Andy Shevchenko <andriy.shevche...@linux.intel.com>
---
drivers/spi/spi.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 74b2b1dd358b..36c46feab6d4 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2558,13 +2558,14 @@ static int spi_get_gpio_descs(struct spi_controller
*ctlr)
unsigned int num_cs_gpios = 0;
nb = gpiod_count(dev, "cs");
- ctlr->num_chipselect = max_t(int, nb, ctlr->num_chipselect);
-
- /* No GPIOs at all is fine, else return the error */
- if (nb == 0 || nb == -ENOENT)
- return 0;
- else if (nb < 0)
+ if (nb < 0) {
+ /* No GPIOs at all is fine, else return the error */
+ if (nb == -ENOENT)
+ return 0;
return nb;
+ }
+
+ ctlr->num_chipselect = max_t(int, nb, ctlr->num_chipselect);
cs = devm_kcalloc(dev, ctlr->num_chipselect, sizeof(*cs),
GFP_KERNEL);
--
2.30.2
