If CONFIG_OF_PLATDATA=y, then the udevice has no valid OF node associated with it and ofnode_valid(node) evaluates to 0. The dev_read_u32_default() call ultimately reaches ofnode_read_u32_index(), which invokes fdt_getprop() and passes the result of ofnode_to_offset(node) as an offset parameter into it.
The ofnode_to_offset(node) returns -1 for an invalid node, which leads to an fdt_getprop(..., -1, ...) invocation, which will crash sandbox with SIGSEGV because libfdt cannot handle negative node offsets without full tree check, which U-Boot inhibits to keep size lower.

Since gpio_sandbox_probe() already calls dev_has_ofnode(dev) and assigns uc_priv->gpio_count to CONFIG_SANDBOX_GPIO_COUNT accordingly, add a matching dev_has_ofnode(dev) check into sandbox_gpio_of_to_plat() and do not call any of the dev_read_*() functions for devices without valid nodes there either.

Signed-off-by: Marek Vasut <[email protected]>
--- Cc: Simon Glass <[email protected]> Cc: Tom Rini <[email protected]> Cc: [email protected] --- drivers/gpio/sandbox.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/gpio/sandbox.c b/drivers/gpio/sandbox.c index f5be2781443..4f35fd2f4ee 100644 --- a/drivers/gpio/sandbox.c +++ b/drivers/gpio/sandbox.c @@ -327,13 +327,14 @@ static const struct dm_gpio_ops gpio_sandbox_ops = { static int sandbox_gpio_of_to_plat(struct udevice *dev) { - if (CONFIG_IS_ENABLED(OF_REAL)) { - struct gpio_dev_priv *uc_priv = dev_get_uclass_priv(dev); + struct gpio_dev_priv *uc_priv = dev_get_uclass_priv(dev); - uc_priv->gpio_count = - dev_read_u32_default(dev, "sandbox,gpio-count", 0); - uc_priv->bank_name = dev_read_string(dev, "gpio-bank-name"); - } + if (!CONFIG_IS_ENABLED(OF_REAL) || !dev_has_ofnode(dev)) + return 0; + + uc_priv->gpio_count = + dev_read_u32_default(dev, "sandbox,gpio-count", 0); + uc_priv->bank_name = dev_read_string(dev, "gpio-bank-name"); return 0; } -- 2.51.0
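
Review bot: the new early return in sandbox_gpio_of_to_plat(), "if (!CONFIG_IS_ENABLED(OF_REAL) || !dev_has_ofnode(dev)) return 0;", carries no comment saying why the node check is needed. A one-line comment that devices without an OF node (the CONFIG_OF_PLATDATA=y case) must not reach the dev_read_*() calls, because the resulting -1 offset crashes libfdt, would keep the guard from being dropped later as redundant. The guard also covers only this caller: per the commit message the fault sits in ofnode_read_u32_index() passing ofnode_to_offset(node) == -1 into fdt_getprop(), so any other dev_read_*() caller on a node-less device would take the same path. Consider an ofnode_valid() check at that level as well, or state in the message why the check is done per driver. Minor: dev_get_uclass_priv(dev) is now evaluated before the early return; assigning uc_priv after the check would skip it when nothing is read.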

