From nobody Mon May 25 08:11:40 2026 Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C53173B585C for ; Fri, 15 May 2026 15:01:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778857271; cv=none; b=VFiuAAj+Aj3ZL1+XTQJtHCJXOwjHxA6RuThfCNvLdxu3n4R0kn3qb/WmWmQG2+rMv+ip8K6AoZ7PXHdWJugGGuFcLAi+jBGVbsG2HEVyuzJirIaPieSdESq8TTpBV58SQ/h5Hz8cxy1ZFI4QyZKH0/b3NVkRJ/gmAWa5vzZPo+c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778857271; c=relaxed/simple; bh=eo4JHGBXgYQCSe/DE7+pZmIYRaXAcJB3SjLOrB7Xcno=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=PJyP62f6uZIWl2yyuyjg555SrCricZJJCIPc98KPCAGGsKD5XiSzVqE17TiPp3OyQIKt/t6kh6u8thdiFT0N6J+YxXMst+sqcGpZrJfDt1N04INg+UDVx+osRPpBrbeFpwswHut3PWW3FNybaGCvd0jJjBgumfL/g1yRuVG0FCk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=qbr0DdBw; arc=none smtp.client-ip=209.85.221.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="qbr0DdBw" Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-44ad87a57f6so954032f8f.2 for ; Fri, 15 May 2026 08:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778857268; x=1779462068; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=72ZekV4Qw/5wxdN6lentH6Bp50LjXJz/DgvExEUtVoE=; b=qbr0DdBwSBRNXbK0J6MniGJZaK8EWmzoRumWSknGTbvzFk9F68CKu/pNZqkwc4kQ8x T8gmrXw1weiGPMojQfVaVjnBe/m9y7geeVQOPBvW8AmTSxs/d+uI7GvKUp2Kvcb/pS9g pjs5qY4LT3stXVW+2eQqLebDAfH4jbp7Pq7wx73ULzCMoeI5U4HWxXMn6Ad85w0NML9j TIWoN6rtbEcULskmvIKJ0Vud1RFpieyUfHGBYNUmsw+dr3IyF+T2i6UtqtJ87dHQxwiM yFpRpKRNAA+QdkQbpCEXp0IWFsZPzTBAY7YJH5SvLztFEKntrRVBBmKK9TcdYbX303tr zLdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778857268; x=1779462068; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=72ZekV4Qw/5wxdN6lentH6Bp50LjXJz/DgvExEUtVoE=; b=NZVa76ST+2ng1DfcRNwXsPzXoiBnuy6Blc5BwWMmrHHJS1ESCS9zrK7BqbDNYoPCSP 6B8wv8UtD/rTIjVHs9/XulG8kWAyv5jT6bSUEwrzIB6gfQjSUlQ71/ejtkfBtEPrRqfq bpPPuTvr8rAH68TdNIysy/lEkYa2VnxUp0m5QToA//nAho2ZHnET5l6lim0RCR2h/2ML KYEdqexo1Yrgtz6iNIidu9nigE0Pv8QY8bM1A49ay4gRt5Hq6wU+YfxqJrW42RxgLylE Wddn37EYqbuBaHsINogK5lpmyWuKBgd++NnnihIUdO5oZZmCiaG+l3LR/kjE87gfQrv9 ovRA== X-Forwarded-Encrypted: i=1; AFNElJ8jzVwuAc4Lc2nl8N9L9u4vzrJjj5aiP5ABetahX0a9NwjR+DdpDpWPtPwpPpA8PyD7sMmWoMcad/DhvBw=@vger.kernel.org X-Gm-Message-State: AOJu0YytoSENvFAYutcJxtjrFD8vm6LdDQRs5tTQiolmpGu76Dce2R9T eM5X1ZHe4iGxfyHXSR9xQUoLRO9l2wjhBNTNqt/1ftttOj34hTy02j42 X-Gm-Gg: Acq92OGcfYVZ9N57iudwuK3qQ5Qj1wZPtqRGk2xjO+7pr7BG+AT+yCZxyaPi1wXSloR VzcZnK7hbdy+F+up3m5PIhLOaMsmvK6yssVPegnFj13p7XRfbEHyyx7yvRsOOI5jtIsArYDQLap d7WSxhs4FDSRQN6SN8JRmPjnsXEcr2npUd3hPSiixR9YbH6PJMGhWUDbj+nNyaD+h4LWwjUmCcp nPefkbuxY5C+Tk2C88OFESXc8IIi1knN1EGdi8SyVb/koIBUzWOhuYH6DPzAJa7A/o7fKtsWvG9 txMPJPDLlq17D++kBt2/sZfYD6YA81jKvR230L6WQESNPk/IRDMEdVk9gVXpmA3QyU9EDBYRHzm JFNtXtArMa7jgiWF3Oq1yy5hiEsKjA1Mm4cLDTQaoT/14TkygVVvhg7noRZSM8dyocsrQkkIqpS ZdNfRUMi+m9CFiSE6zWedYvMtPdhIjVnhx07F+PGPCQ/SgK3ch05NqGV6s3U+hlZ0EXA== X-Received: by 2002:a05:6000:228a:b0:446:9d8:bb6d with SMTP id ffacd0b85a97d-45e5c5a96d9mr2927060f8f.2.1778857267912; Fri, 15 May 2026 08:01:07 -0700 (PDT) Received: from localhost.localdomain ([82.215.118.79]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45d9e767d16sm15909333f8f.6.2026.05.15.08.01.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 08:01:06 -0700 (PDT) From: Stepan Ionichev To: andy@kernel.org Cc: mika.westerberg@linux.intel.com, linusw@kernel.org, linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org, sozdayvek@gmail.com Subject: [PATCH] pinctrl: intel: zero-initialize capability_offset[] in probe Date: Fri, 15 May 2026 20:00:49 +0500 Message-Id: <20260515150049.33761-1-sozdayvek@gmail.com> X-Mailer: git-send-email 2.33.0.windows.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" intel_pinctrl_probe() declares a per-community capability_offset[] array on the stack and only writes the slots whose CAPLIST entries the device actually advertises: unsigned short capability_offset[6]; ... do { value =3D readl(regs + offset); switch ((value & CAPLIST_ID_MASK) >> CAPLIST_ID_SHIFT) { case CAPLIST_ID_GPIO_HW_INFO: capability_offset[CAPLIST_ID_GPIO_HW_INFO] =3D offset; break; case CAPLIST_ID_PWM: capability_offset[CAPLIST_ID_PWM] =3D offset; break; ... default: break; } ... } while (offset); ... ret =3D intel_pinctrl_probe_pwm(pctrl, community, capability_offset[CAPLIST_ID_PWM]); If a community does not advertise a PWM capability, the loop never writes capability_offset[CAPLIST_ID_PWM] and the call to intel_pinctrl_probe_pwm() reads an indeterminate stack value. intel_pinctrl_probe_pwm() computes the PWM register base before it checks PINCTRL_FEATURE_PWM: void __iomem *base =3D community->regs + capability_offset + 4; ... if (!(community->features & PINCTRL_FEATURE_PWM)) return 0; so the base =3D community->regs + capability_offset + 4 expression is evaluated using the uninitialized value on every probe for any community that does not have CAPLIST_ID_PWM. The result is never dereferenced when the PWM feature flag is clear, but reading an indeterminate stack object is undefined behaviour by C, and KMSAN / UBSAN report it at probe time. Default the whole array to zero at declaration so unused slots are defined (community->regs + 4) instead of indeterminate. Fixes: 340bba73c545 ("pinctrl: intel: Improve capability support") Signed-off-by: Stepan Ionichev --- drivers/pinctrl/intel/pinctrl-intel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/intel/pinctrl-intel.c b/drivers/pinctrl/intel/= pinctrl-intel.c index 97bf5ec78..4fb4a3dab 100644 --- a/drivers/pinctrl/intel/pinctrl-intel.c +++ b/drivers/pinctrl/intel/pinctrl-intel.c @@ -1601,7 +1601,7 @@ int intel_pinctrl_probe(struct platform_device *pdev, =20 for (i =3D 0; i < pctrl->ncommunities; i++) { struct intel_community *community =3D &pctrl->communities[i]; - unsigned short capability_offset[6]; + unsigned short capability_offset[6] =3D { }; void __iomem *regs; u32 revision; u32 offset; --=20 2.43.0