[PATCH] pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms

AngeloGioacchino Del Regno angelogioacchino.delregno at collabora.com
Tue May 20 02:15:13 PDT 2025 

Il 19/05/25 21:38, Nícolas F. R. A. Prado ha scritto:
> Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple
> addresses") introduced an access to the 'soc' field of struct
> mtk_pinctrl in mtk_eint_do_init() and for that an include of
> pinctrl-mtk-common-v2.h.
> 
> However, pinctrl drivers relying on the v1 common driver include
> pinctrl-mtk-common.h instead, which provides another definition of
> struct mtk_pinctrl that does not contain an 'soc' field.
> 
> Since mtk_eint_do_init() can be called both by v1 and v2 drivers, it
> will now try to dereference an invalid pointer when called on v1
> platforms. This has been observed on Genio 350 EVK (MT8365), which
> crashes very early in boot (the kernel trace can only be seen with
> earlycon).
> 
> In order to fix this, given that this if code block is only relevant for
> platforms with multiple EINT bases, and the previous if block already
> handles the single base case, add an else statement so this if condition
> will never even be evaluated on platforms with a single EINT base, which
> covers all v1 platforms following commit fe412e3a6c97 ("pinctrl:
> mediatek: common-v1: Fix EINT breakage on older controllers").
> 
> Fixes: 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses")
> Signed-off-by: Nícolas F. R. A. Prado <nfraprado at collabora.com>

I say that this is going to backfire next time.

I would rather propose, instead....

int mtk_eint_do_init(struct mtk_eint *eint, const struct mtk_eint_pin *eint_pin)
{
	...

	[if (or) else if] (eint_pin) {
		eint->pins = eint_pin;
		... etc
	}
}

...so that we avoid having this issue about referencing two different structures
called with the same name (which is bad from the principle anyway), and no more
mistakes around that in the future.

This also means that we can remove the inclusion of pinctrl-mtk-common-v2.h from
the mtk-eint.c file, as that's the right thing to do: eint should be standalone
and should not depend on ambiguous definitions from pinctrl-mtk-common(-v2).h.

Cheers,
Angelo

> ---
>   drivers/pinctrl/mediatek/mtk-eint.c | 4 +---
>   1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/pinctrl/mediatek/mtk-eint.c b/drivers/pinctrl/mediatek/mtk-eint.c
> index 16af6a47028e67bb53db4041a37ebbbb8b9a1e43..9114e0cd9def1bc65558c67317abe67ba63ef1f6 100644
> --- a/drivers/pinctrl/mediatek/mtk-eint.c
> +++ b/drivers/pinctrl/mediatek/mtk-eint.c
> @@ -531,9 +531,7 @@ int mtk_eint_do_init(struct mtk_eint *eint)
>   			eint->pins[i].index = i;
>   			eint->pins[i].debounce = (i < eint->hw->db_cnt) ? 1 : 0;
>   		}
> -	}
> -
> -	if (hw && hw->soc && hw->soc->eint_pin) {
> +	} else if (hw && hw->soc && hw->soc->eint_pin) {
>   		eint->pins = hw->soc->eint_pin;
>   		for (i = 0; i < eint->hw->ap_num; i++) {
>   			inst = eint->pins[i].instance;
> 
> ---
> base-commit: 8566fc3b96539e3235909d6bdda198e1282beaed
> change-id: 20250519-genio-350-eint-null-ptr-deref-fix-1a163aa9ad84
> 
> Best regards,

More information about the Linux-mediatek mailing list