[PATCH] pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms

Nícolas F. R. A. Prado nfraprado at collabora.com
Mon May 19 12:38:42 PDT 2025 

Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple
addresses") introduced an access to the 'soc' field of struct
mtk_pinctrl in mtk_eint_do_init() and for that an include of
pinctrl-mtk-common-v2.h.

However, pinctrl drivers relying on the v1 common driver include
pinctrl-mtk-common.h instead, which provides another definition of
struct mtk_pinctrl that does not contain an 'soc' field.

Since mtk_eint_do_init() can be called both by v1 and v2 drivers, it
will now try to dereference an invalid pointer when called on v1
platforms. This has been observed on Genio 350 EVK (MT8365), which
crashes very early in boot (the kernel trace can only be seen with
earlycon).

In order to fix this, given that this if code block is only relevant for
platforms with multiple EINT bases, and the previous if block already
handles the single base case, add an else statement so this if condition
will never even be evaluated on platforms with a single EINT base, which
covers all v1 platforms following commit fe412e3a6c97 ("pinctrl:
mediatek: common-v1: Fix EINT breakage on older controllers").

Fixes: 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses")
Signed-off-by: Nícolas F. R. A. Prado <nfraprado at collabora.com>
---
 drivers/pinctrl/mediatek/mtk-eint.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/pinctrl/mediatek/mtk-eint.c b/drivers/pinctrl/mediatek/mtk-eint.c
index 16af6a47028e67bb53db4041a37ebbbb8b9a1e43..9114e0cd9def1bc65558c67317abe67ba63ef1f6 100644
--- a/drivers/pinctrl/mediatek/mtk-eint.c
+++ b/drivers/pinctrl/mediatek/mtk-eint.c
@@ -531,9 +531,7 @@ int mtk_eint_do_init(struct mtk_eint *eint)
 			eint->pins[i].index = i;
 			eint->pins[i].debounce = (i < eint->hw->db_cnt) ? 1 : 0;
 		}
-	}
-
-	if (hw && hw->soc && hw->soc->eint_pin) {
+	} else if (hw && hw->soc && hw->soc->eint_pin) {
 		eint->pins = hw->soc->eint_pin;
 		for (i = 0; i < eint->hw->ap_num; i++) {
 			inst = eint->pins[i].instance;

---
base-commit: 8566fc3b96539e3235909d6bdda198e1282beaed
change-id: 20250519-genio-350-eint-null-ptr-deref-fix-1a163aa9ad84

Best regards,
-- 
Nícolas F. R. A. Prado <nfraprado at collabora.com>

More information about the Linux-mediatek mailing list