Staging: VME: PIO2: Correct irq reset

The loop used to reset the interrupt masks has faulty logic. There are 4
banks of 8 I/O, however each mask is comprised of 2 bits and thus there are
8 sets of registers to clear. Driver was wrongly equating this with 8 banks
leading to a us writing past the end of the "bank" array (used to store mask
configuration as these registers are write only) and thus causing memory
corruption. Clear both registers of masks for each bank and half iterations.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martyn Welch <martyn.welch@ge.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/staging/vme/devices/vme_pio2_gpio.c b/drivers/staging/vme/devices/vme_pio2_gpio.c
index 2ac88ad..dc837de 100644 (file)
--- a/drivers/staging/vme/devices/vme_pio2_gpio.c
+++ b/drivers/staging/vme/devices/vme_pio2_gpio.c
@@ -159,9 +159,14 @@ int pio2_gpio_reset(struct pio2_card *card)
        }
 
        /* Set input interrupt masks */
-       for (i = 0; i < 8; i++) {
+       for (i = 0; i < 4; i++) {
+               retval = vme_master_write(card->window, &data, 1,
+                       PIO2_REGS_INT_MASK[i * 2]);
+               if (retval < 0)
+                       return retval;
+
                retval = vme_master_write(card->window, &data, 1,
-                       PIO2_REGS_INT_MASK[i]);
+                       PIO2_REGS_INT_MASK[(i * 2) + 1]);
                if (retval < 0)
                        return retval;