From e587886a6112e476a74a26e6cf7068a23723097c Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Wed, 25 Sep 2019 08:55:46 -0600
Subject: [PATCH 1/2] dm: core: Correct low cell in ofnode_read_pci_addr()

This reads the low cell of the PCI address from the wrong cell. Fix it.
Also fix the function that this code came from.

Fixes: 9e51204527 (dm: core: Add operations on device tree references)
Fixes: 4ea5243a3a (fdt: fix fdtdec_get_pci_addr() for CONFIG_PHYS_64BIT)
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
---
 drivers/core/ofnode.c | 2 +-
 lib/fdtdec.c          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
index 7eca00cd66..5d47eccf1d 100644
--- a/drivers/core/ofnode.c
+++ b/drivers/core/ofnode.c
@@ -617,7 +617,7 @@ int ofnode_read_pci_addr(ofnode node, enum fdt_pci_space type,
 			if ((fdt32_to_cpu(*cell) & type) == type) {
 				addr->phys_hi = fdt32_to_cpu(cell[0]);
 				addr->phys_mid = fdt32_to_cpu(cell[1]);
-				addr->phys_lo = fdt32_to_cpu(cell[1]);
+				addr->phys_lo = fdt32_to_cpu(cell[2]);
 				break;
 			}
 
diff --git a/lib/fdtdec.c b/lib/fdtdec.c
index 74525c84e7..74430c8b2f 100644
--- a/lib/fdtdec.c
+++ b/lib/fdtdec.c
@@ -217,7 +217,7 @@ int fdtdec_get_pci_addr(const void *blob, int node, enum fdt_pci_space type,
 			if ((fdt32_to_cpu(*cell) & type) == type) {
 				addr->phys_hi = fdt32_to_cpu(cell[0]);
 				addr->phys_mid = fdt32_to_cpu(cell[1]);
-				addr->phys_lo = fdt32_to_cpu(cell[1]);
+				addr->phys_lo = fdt32_to_cpu(cell[2]);
 				break;
 			}
 

From e18c41fca46a33bf76b4664796e3e132dc71c6cb Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Wed, 25 Sep 2019 08:55:50 -0600
Subject: [PATCH 2/2] dm: core: Correct bad cast in
 ofnode_get_addr_size_index()

At present this code passes an fdt_addr_t pointer as a u64 pointer which
is not safe, since sizeof(fdt_addr_t) may be 4, e.g. with sandbox. Correct
this to avoid a stack corruption problem.

Fixes: e679d03b08 (core: ofnode: Add ofnode_get_addr_size_index)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: correct one typo in the commit message]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
---
 drivers/core/ofnode.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
index 5d47eccf1d..297f0a0c7c 100644
--- a/drivers/core/ofnode.c
+++ b/drivers/core/ofnode.c
@@ -261,12 +261,15 @@ fdt_addr_t ofnode_get_addr_size_index(ofnode node, int index, fdt_size_t *size)
 
 	if (ofnode_is_np(node)) {
 		const __be32 *prop_val;
+		u64 size64;
 		uint flags;
 
-		prop_val = of_get_address(ofnode_to_np(node), index,
-					  (u64 *)size, &flags);
+		prop_val = of_get_address(ofnode_to_np(node), index, &size64,
+					  &flags);
 		if (!prop_val)
 			return FDT_ADDR_T_NONE;
+		if (size)
+			*size = size64;
 
 		ns = of_n_size_cells(ofnode_to_np(node));