From: Jorge Marques jorge.marques@analog.com
[ Upstream commit 290ce8b2d0745e45a3155268184523a8c75996f1 ]
Set ret to -EINVAL if i3c_i2c_notifier_call() receives an invalid action, resolving uninitialized warning.
Signed-off-by: Jorge Marques jorge.marques@analog.com Reviewed-by: Frank Li Frank.Li@nxp.com Link: https://lore.kernel.org/r/20250622-i3c-master-ret-uninitialized-v1-1-aabb562... Signed-off-by: Alexandre Belloni alexandre.belloni@bootlin.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
**YES**
This commit should be backported to stable kernel trees. Here's my extensive analysis:
## Bug Analysis
The commit fixes a serious uninitialized variable bug in `i3c_i2c_notifier_call()`. Looking at the code:
1. **The Bug**: The function declares `int ret` at line 2449 but doesn't initialize it. The switch statement only handles two cases (`BUS_NOTIFY_ADD_DEVICE` and `BUS_NOTIFY_DEL_DEVICE`), leaving `ret` uninitialized for any other action values.
2. **When It Triggers**: Since this notifier is registered with `bus_register_notifier(&i2c_bus_type, &i2cdev_notifier)`, it receives ALL bus notification events for I2C devices, including: - `BUS_NOTIFY_REMOVED_DEVICE` - `BUS_NOTIFY_BIND_DRIVER` - `BUS_NOTIFY_BOUND_DRIVER` - `BUS_NOTIFY_UNBIND_DRIVER` - `BUS_NOTIFY_UNBOUND_DRIVER` - `BUS_NOTIFY_DRIVER_NOT_BOUND`
3. **Impact**: When any of these unhandled actions occur, the function returns an uninitialized stack value, which could: - Accidentally return `NOTIFY_STOP` or `NOTIFY_BAD`, halting the notification chain - Cause unpredictable behavior in the device/driver binding process - Lead to intermittent, hard-to-debug failures
## Backport Criteria Analysis
1. **Fixes a real bug**: ✓ Yes - fixes an uninitialized variable that causes undefined behavior 2. **Small and contained**: ✓ Yes - adds only 2 lines (default case returning -EINVAL) 3. **No side effects**: ✓ Correct - the fix properly handles unexpected actions by returning an error 4. **No architectural changes**: ✓ Correct - simple bug fix, no design changes 5. **Critical subsystem**: ✓ Yes - affects I3C/I2C device management and driver binding 6. **Follows stable rules**: ✓ Yes - important bugfix with minimal risk
## Additional Context
- The bug was introduced in commit 72a4501b5d08 ("i3c: support dynamically added i2c devices") in January 2022 - The I3C subsystem has had other uninitialized variable fixes (e.g., commit 6cbf8b38dfe3) - This is a classic compiler warning fix that prevents real runtime issues - The fix is conservative, returning -EINVAL for unexpected actions rather than silently ignoring them
This is exactly the type of bug that stable kernels should fix: a real issue with unpredictable runtime consequences, fixed with a minimal, safe change.
drivers/i3c/master.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index e53c69d24873..dfa0bad991cf 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -2467,6 +2467,8 @@ static int i3c_i2c_notifier_call(struct notifier_block *nb, unsigned long action case BUS_NOTIFY_DEL_DEVICE: ret = i3c_master_i2c_detach(adap, client); break; + default: + ret = -EINVAL; } i3c_bus_maintenance_unlock(&master->bus);