From: sashiko-bot@kernel.org
To: "Alexandre MINETTE via B4 Relay"
<devnull+contact.alex-min.fr@kernel.org>
Cc: devicetree@vger.kernel.org, robh@kernel.org, conor+dt@kernel.org
Subject: Re: [PATCH v3 3/8] pinctrl: qcom: Register functions before enabling pinctrl
Date: Tue, 19 May 2026 08:12:23 +0000 [thread overview]
Message-ID: <20260519081224.4FB15C2BCB3@smtp.kernel.org> (raw)
In-Reply-To: <20260519-mainline-send-v1-sending-v3-3-3dd7aa125353@alex-min.fr>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Use-After-Free in system power-off path if probe fails
--
commit 7e913e496347a43b567ce3ce3e00954f1fc74caf
Author: Alexandre MINETTE <contact@alex-min.fr>
pinctrl: qcom: Register functions before enabling pinctrl
This commit changes the Qualcomm pinctrl initialization sequence to register
functions before enabling the controller. It replaces devm_pinctrl_register()
with devm_pinctrl_register_and_init() and an explicit pinctrl_enable() call.
> diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c
> index 45b3a2763eb85..a2a1e0835735d 100644
> --- a/drivers/pinctrl/qcom/pinctrl-msm.c
> +++ b/drivers/pinctrl/qcom/pinctrl-msm.c
[ ... ]
> @@ -1607,6 +1607,11 @@ int msm_pinctrl_probe(struct platform_device *pdev,
> return ret;
> }
>
> + ret = pinctrl_enable(pctrl->pctrl);
> + if (ret)
> + return dev_err_probe(&pdev->dev, ret,
> + "Couldn't enable pinctrl driver\n");
This isn't a regression strictly introduced by this patch, but it adds a
new failure path that could trigger an existing issue.
Earlier in msm_pinctrl_probe(), msm_pinctrl_setup_pm_reset() is called,
which assigns the devm-allocated pctrl to the global poweroff_pctrl pointer
and sets the global pm_power_off callback.
If pinctrl_enable() fails, the probe function aborts and the devm framework
will automatically free the pctrl memory. However, there is no corresponding
teardown to clear the global pm_power_off callback or poweroff_pctrl pointer.
If the system is later powered off, could the kernel invoke the callback and
dereference the freed poweroff_pctrl pointer?
> +
> ret = msm_gpio_init(pctrl);
> if (ret)
> return ret;
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260519-mainline-send-v1-sending-v3-0-3dd7aa125353@alex-min.fr?part=3
next prev parent reply other threads:[~2026-05-19 8:12 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-19 7:16 [PATCH v3 0/8] Add Samsung Galaxy S4 support Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 7:16 ` [PATCH v3 1/8] dt-bindings: arm: qcom: Add Samsung Galaxy S4 Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 7:16 ` [PATCH v3 2/8] dt-bindings: extcon: qcom,pm8941-misc: Add PM8921 compatible Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 7:42 ` sashiko-bot
2026-05-20 7:22 ` Krzysztof Kozlowski
2026-06-03 9:16 ` MINETTE Alexandre
2026-05-19 7:16 ` [PATCH v3 3/8] pinctrl: qcom: Register functions before enabling pinctrl Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 8:12 ` sashiko-bot [this message]
2026-05-19 8:31 ` Linus Walleij
2026-05-19 8:48 ` MINETTE Alexandre
2026-05-19 21:03 ` David Heidelberg
2026-06-03 8:58 ` MINETTE Alexandre
2026-06-03 12:29 ` Dmitry Baryshkov
2026-06-03 12:44 ` MINETTE Alexandre
2026-05-19 7:16 ` [PATCH v3 4/8] iommu/msm: Look up masters per IOMMU instance Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 8:43 ` sashiko-bot
2026-05-19 7:16 ` [PATCH v3 5/8] extcon: qcom-spmi-misc: Add PM8921 compatible Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 9:05 ` sashiko-bot
2026-05-19 7:16 ` [PATCH v3 6/8] ARM: dts: qcom: apq8064: Fix USB controller clocks Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 9:25 ` sashiko-bot
2026-05-19 7:16 ` [PATCH v3 7/8] ARM: dts: qcom: pm8921: Add USB ID extcon Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 9:41 ` sashiko-bot
2026-05-19 7:16 ` [PATCH v3 8/8] ARM: dts: qcom: Add Samsung Galaxy S4 Alexandre MINETTE via B4 Relay
2026-05-19 7:16 ` Alexandre MINETTE
2026-05-19 9:50 ` sashiko-bot
2026-05-25 9:01 ` Linus Walleij
2026-05-21 10:41 ` Konrad Dybcio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260519081224.4FB15C2BCB3@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=devnull+contact.alex-min.fr@kernel.org \
--cc=robh@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.