When find_nmk_gpio_from_pin fails to find a valid GPIO chip for the given pin, the bit variable remains uninitialized. This uninitialized value is then passed to __nmk_gpio_set_mode, leading to undefined behavior and undesired address access.

To fix this, add error handling to check the return value of find_nmk_gpio_from_pin. Log an error message indicating an invalid pin offset and return -EINVAL immediately If the function fails.

Fixes: 75d270fda64d ("gpio: nomadik: request dynamic ID allocation") Cc: stable@vger.kernel.org # 6.9+ Signed-off-by: Wentao Liang vulab@iscas.ac.cn --- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/pinctrl/nomadik/pinctrl-nomadik.c b/drivers/pinctrl/nomadik/pinctrl-nomadik.c index f4f10c60c1d2..4155137b0674 100644 --- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c +++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c @@ -985,7 +985,7 @@ static int nmk_gpio_request_enable(struct pinctrl_dev *pctldev, unsigned int pin) { struct nmk_pinctrl *npct = pinctrl_dev_get_drvdata(pctldev); - struct nmk_gpio_chip *nmk_chip; + struct nmk_gpio_chip *nmk_chip, *r; struct gpio_chip *chip; unsigned int bit;

@@ -1002,7 +1002,12 @@ static int nmk_gpio_request_enable(struct pinctrl_dev *pctldev,

dev_dbg(npct->dev, "enable pin %u as GPIO\n", pin);

- find_nmk_gpio_from_pin(pin, &bit); + r = find_nmk_gpio_from_pin(pin, &bit); + if (!r) { + dev_err(npct->dev, + "invalid pin offset %d\n", pin); + return -EINVAL; + }

clk_enable(nmk_chip->clk); /* There is no glitch when converting any pin to GPIO */