aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/sbus/char/openprom.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/sbus/char/openprom.c')
-rw-r--r--drivers/sbus/char/openprom.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c
index 293bb2fdb1d5..2f698763ba5d 100644
--- a/drivers/sbus/char/openprom.c
+++ b/drivers/sbus/char/openprom.c
@@ -145,8 +145,9 @@ static int opromgetprop(void __user *argp, struct device_node *dp, struct openpr
145 void *pval; 145 void *pval;
146 int len; 146 int len;
147 147
148 pval = of_get_property(dp, op->oprom_array, &len); 148 if (!dp ||
149 if (!pval || len <= 0 || len > bufsize) 149 !(pval = of_get_property(dp, op->oprom_array, &len)) ||
150 len <= 0 || len > bufsize)
150 return copyout(argp, op, sizeof(int)); 151 return copyout(argp, op, sizeof(int));
151 152
152 memcpy(op->oprom_array, pval, len); 153 memcpy(op->oprom_array, pval, len);
@@ -161,6 +162,8 @@ static int opromnxtprop(void __user *argp, struct device_node *dp, struct openpr
161 struct property *prop; 162 struct property *prop;
162 int len; 163 int len;
163 164
165 if (!dp)
166 return copyout(argp, op, sizeof(int));
164 if (op->oprom_array[0] == '\0') { 167 if (op->oprom_array[0] == '\0') {
165 prop = dp->properties; 168 prop = dp->properties;
166 if (!prop) 169 if (!prop)
@@ -266,9 +269,13 @@ static int oprompci2node(void __user *argp, struct device_node *dp, struct openp
266 269
267static int oprompath2node(void __user *argp, struct device_node *dp, struct openpromio *op, int bufsize, DATA *data) 270static int oprompath2node(void __user *argp, struct device_node *dp, struct openpromio *op, int bufsize, DATA *data)
268{ 271{
272 phandle ph = 0;
273
269 dp = of_find_node_by_path(op->oprom_array); 274 dp = of_find_node_by_path(op->oprom_array);
275 if (dp)
276 ph = dp->node;
270 data->current_node = dp; 277 data->current_node = dp;
271 *((int *)op->oprom_array) = dp->node; 278 *((int *)op->oprom_array) = ph;
272 op->oprom_size = sizeof(int); 279 op->oprom_size = sizeof(int);
273 280
274 return copyout(argp, op, bufsize + sizeof(int)); 281 return copyout(argp, op, bufsize + sizeof(int));