mfd: stmfx: Uninitialized variable in stmfx_irq_handler()

The problem is that on 64bit systems then we don't clear the higher bits of the "pending" variable. So when we do: ack = pending & ~BIT(STMFX_REG_IRQ_SRC_EN_GPIO); if (ack) { the if (ack) condition relies on uninitialized data. The fix it that I've changed "pending" from an unsigned long to a u32. I changed "n" as well, because that's a number in the 0-10 range and it fits easily inside an int. We do need to add a cast to "pending" when we use it in the for_each_set_bit() loop, but that doesn't cause a proble, it's fine. Fixes: 06252ad ("mfd: Add ST Multi-Function eXpander (STMFX) core driver") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Amelie Delaunay <amelie.delaunay@st.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
mariux64 · Jun 12, 2019 · 3861456 · 3861456
1 parent a188339
commit 3861456
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/drivers/mfd/stmfx.c b/drivers/mfd/stmfx.c
@@ -204,12 +204,10 @@ static struct irq_chip stmfx_irq_chip = {
 static irqreturn_t stmfx_irq_handler(int irq, void *data)
 {
 	struct stmfx *stmfx = data;
-	unsigned long n, pending;
-	u32 ack;
-	int ret;
+	u32 pending, ack;
+	int n, ret;
 
-	ret = regmap_read(stmfx->map, STMFX_REG_IRQ_PENDING,
-			  (u32 *)&pending);
+	ret = regmap_read(stmfx->map, STMFX_REG_IRQ_PENDING, &pending);
 	if (ret)
 		return IRQ_NONE;
 
@@ -224,7 +222,7 @@ static irqreturn_t stmfx_irq_handler(int irq, void *data)
 			return IRQ_NONE;
 	}
 
-	for_each_set_bit(n, &pending, STMFX_REG_IRQ_SRC_MAX)
+	for_each_set_bit(n, (unsigned long *)&pending, STMFX_REG_IRQ_SRC_MAX)
 		handle_nested_irq(irq_find_mapping(stmfx->irq_domain, n));
 
 	return IRQ_HANDLED;