From cd49b84d61b2dfc0360c76d9e6be49f5116ba1a5 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 6 Jun 2019 15:41:27 +0300 Subject: [PATCH] mfd: stmfx: Uninitialized variable in stmfx_irq_handler() The problem is that on 64bit systems then we don't clear the higher bits of the "pending" variable. So when we do: ack = pending & ~BIT(STMFX_REG_IRQ_SRC_EN_GPIO); if (ack) { the if (ack) condition relies on uninitialized data. The fix it that I've changed "pending" from an unsigned long to a u32. I changed "n" as well, because that's a number in the 0-10 range and it fits easily inside an int. We do need to add a cast to "pending" when we use it in the for_each_set_bit() loop, but that doesn't cause a problem, it's fine. Fixes: 06252ade9156 ("mfd: Add ST Multi-Function eXpander (STMFX) core driver") Signed-off-by: Dan Carpenter Acked-by: Amelie Delaunay Signed-off-by: Lee Jones --- drivers/mfd/stmfx.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/mfd/stmfx.c b/drivers/mfd/stmfx.c index fe8efba2d45f..7c419c078688 100644 --- a/drivers/mfd/stmfx.c +++ b/drivers/mfd/stmfx.c @@ -204,12 +204,10 @@ static struct irq_chip stmfx_irq_chip = { static irqreturn_t stmfx_irq_handler(int irq, void *data) { struct stmfx *stmfx = data; - unsigned long n, pending; - u32 ack; - int ret; + u32 pending, ack; + int n, ret; - ret = regmap_read(stmfx->map, STMFX_REG_IRQ_PENDING, - (u32 *)&pending); + ret = regmap_read(stmfx->map, STMFX_REG_IRQ_PENDING, &pending); if (ret) return IRQ_NONE; @@ -224,7 +222,7 @@ static irqreturn_t stmfx_irq_handler(int irq, void *data) return IRQ_NONE; } - for_each_set_bit(n, &pending, STMFX_REG_IRQ_SRC_MAX) + for_each_set_bit(n, (unsigned long *)&pending, STMFX_REG_IRQ_SRC_MAX) handle_nested_irq(irq_find_mapping(stmfx->irq_domain, n)); return IRQ_HANDLED; -- 2.30.2