mailbox: pcc: fix channel calculation in get_pcc_channel()

Alexey Klimov · JassiBrar · commit e9c8dc8ba96b · 2016-02-02T16:39:13.000+05:30
This patch fixes the calculation of pcc_chan for non-zero id.
After the compiler ignores the (unsigned long) cast the
pcc_mbox_channels pointer is type-cast and then the type-cast
offset is added which results in address outside of the range
leading to the kernel crashing.

We might add braces and make it:

pcc_chan = (struct mbox_chan *)
		((unsigned long) pcc_mbox_channels +
		(id * sizeof(*pcc_chan)));

but let's go with array approach here and use id as index.

Tested on Juno board.

Signed-off-by: Alexey Klimov &lt;alexey.klimov@arm.com&gt;
Acked-by: Sudeep Holla &lt;sudeep.holla@arm.com&gt;
Acked-by: Ashwin Chaugule &lt;ashwin.chaugule@linaro.org&gt;
Signed-off-by: Jassi Brar &lt;jaswinder.singh@linaro.org&gt;
diff --git a/drivers/mailbox/pcc.c b/drivers/mailbox/pcc.c
@@ -81,16 +81,10 @@ static struct mbox_controller pcc_mbox_ctrl = {};
  */
 static struct mbox_chan *get_pcc_channel(int id)
 {
-	struct mbox_chan *pcc_chan;
-
 	if (id < 0 || id > pcc_mbox_ctrl.num_chans)
 		return ERR_PTR(-ENOENT);
 
-	pcc_chan = (struct mbox_chan *)
-		(unsigned long) pcc_mbox_channels +
-		(id * sizeof(*pcc_chan));
-
-	return pcc_chan;
+	return &pcc_mbox_channels[id];
 }
 
 /**
