From: Dan Carpenter <dan.carpenter@linaro.org>
Date: Fri, 2 May 2025 08:40:15 +0000 (+0300)
Subject: platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()
X-Git-Tag: v6.16-rc1~125^2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5925f438429330e649cef67cb364af03f2175f7;p=thirdparty%2Flinux.git

platform/x86: oxpec: Add a lower bounds check in oxp_psy_ext_set_prop()

The "val->intval" variable is an integer which comes from the user.  This
code has an upper bounds check but the lower bounds check was
accidentally omitted.  The write_to_ec() take a u8 value as a parameter
so negative values would be truncated to positive values in the 0-255
range.

Return -EINVAL if the user passes a negative value.

Fixes: 202593d1e86b ("platform/x86: oxpec: Add charge threshold and behaviour to OneXPlayer")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Antheas Kapenekakis <lkml@antheas.dev>
Link: https://lore.kernel.org/r/aBSE71VKfBlQg_fZ@stanley.mountain
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
---

diff --git a/drivers/platform/x86/oxpec.c b/drivers/platform/x86/oxpec.c
index 4b48f4571b09b..de70ca7e84938 100644
--- a/drivers/platform/x86/oxpec.c
+++ b/drivers/platform/x86/oxpec.c
@@ -582,7 +582,7 @@ static int oxp_psy_ext_set_prop(struct power_supply *psy,
 
 	switch (psp) {
 	case POWER_SUPPLY_PROP_CHARGE_CONTROL_END_THRESHOLD:
-		if (val->intval > 100)
+		if (val->intval < 0 || val->intval > 100)
 			return -EINVAL;
 		return write_to_ec(OXP_X1_CHARGE_LIMIT_REG, val->intval);
 	case POWER_SUPPLY_PROP_CHARGE_BEHAVIOUR: