From: sashiko-bot@kernel.org
To: "Luca Leonardo Scorcia" <l.scorcia@gmail.com>
Cc: linux-input@vger.kernel.org, dmitry.torokhov@gmail.com,
conor+dt@kernel.org, robh@kernel.org, devicetree@vger.kernel.org
Subject: Re: [PATCH v6 5/7] input: keyboard: mtk-pmic-keys: Add MT6392 support
Date: Fri, 12 Jun 2026 20:39:06 +0000 [thread overview]
Message-ID: <20260612203906.E53231F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260612200717.361018-6-l.scorcia@gmail.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
Pre-existing issues:
- [High] Out-of-bounds array access and incorrect parsing of disabled DT nodes in `mtk_pmic_keys_probe` due to a mismatch between child counting and iteration macros.
- [High] `mt6357_regs` incorrectly uses `MTK_PMIC_HOMEKEY_INDEX` instead of `MTK_PMIC_HOMEKEY_RST` for the home key reset mask.
--
commit 2b2bdf18b713288536d3d56d4b82a48e65594233
Author: Val Packett <val@packett.cool>
input: keyboard: mtk-pmic-keys: Add MT6392 support
This commit adds support for the MT6392 PMIC to the mediatek pmic keys driver
by defining its specific register layout and adding the required compatible
string.
> diff --git a/drivers/input/keyboard/mtk-pmic-keys.c b/drivers/input/keyboard/mtk-pmic-keys.c
> index c78d9f6d97c4f..8b4a89fce4fb1 100644
> --- a/drivers/input/keyboard/mtk-pmic-keys.c
> +++ b/drivers/input/keyboard/mtk-pmic-keys.c
[ ... ]
> @@ -69,6 +70,19 @@ static const struct mtk_pmic_regs mt6397_regs = {
> .rst_lprst_mask = MTK_PMIC_RST_DU_MASK,
> };
>
> +static const struct mtk_pmic_regs mt6392_regs = {
> + .keys_regs[MTK_PMIC_PWRKEY_INDEX] =
> + MTK_PMIC_KEYS_REGS(MT6392_CHRSTATUS, 0x2,
> + MT6392_INT_MISC_CON, 0x10,
> + MTK_PMIC_PWRKEY_RST),
> + .keys_regs[MTK_PMIC_HOMEKEY_INDEX] =
> + MTK_PMIC_KEYS_REGS(MT6392_CHRSTATUS, 0x4,
> + MT6392_INT_MISC_CON, 0x8,
> + MTK_PMIC_HOMEKEY_RST),
> + .pmic_rst_reg = MT6392_TOP_RST_MISC,
> + .rst_lprst_mask = MTK_PMIC_RST_DU_MASK,
> +};
> +
[Severity: High]
This isn't a bug introduced by this patch, but I noticed a potential
out-of-bounds access in mtk_pmic_keys_probe() due to a mismatch in child node
parsing:
drivers/input/keyboard/mtk-pmic-keys.c:mtk_pmic_keys_probe() {
...
keycount = of_get_available_child_count(node);
if (keycount > MTK_PMIC_MAX_KEY_COUNT) {
dev_err(dev, "too many keys defined (%d)\n", keycount);
return -EINVAL;
}
for_each_child_of_node_scoped(node, child) {
keys->keys[index].regs = &keys->mtk_regs->keys_regs[index];
...
}
The check uses of_get_available_child_count(), which skips nodes with
status="disabled", but the loop uses for_each_child_of_node_scoped(), which
iterates over all child nodes regardless of their availability.
If a device tree defines more than MTK_PMIC_MAX_KEY_COUNT nodes but disables
enough to pass the initial check, could the loop execute more than
MTK_PMIC_MAX_KEY_COUNT times? Would this cause an out-of-bounds array access
on the keys->keys[] and irqnames[] arrays?
[Severity: High]
This is a pre-existing issue as well, but looking at the existing register
definitions, mt6357_regs appears to use the wrong macro for the home key
reset mask:
drivers/input/keyboard/mtk-pmic-keys.c:
static const struct mtk_pmic_regs mt6357_regs = {
.keys_regs[MTK_PMIC_PWRKEY_INDEX] =
MTK_PMIC_KEYS_REGS(MT6357_TOPSTATUS,
0x2, MT6357_INT_MISC_CON, 0x10, MTK_PMIC_PWRKEY_RST),
.keys_regs[MTK_PMIC_HOMEKEY_INDEX] =
MTK_PMIC_KEYS_REGS(MT6357_TOPSTATUS,
0x8, MT6357_INT_MISC_CON, 0x8, MTK_PMIC_HOMEKEY_INDEX),
...
};
Does this incorrectly use MTK_PMIC_HOMEKEY_INDEX instead of
MTK_PMIC_HOMEKEY_RST?
Because MTK_PMIC_HOMEKEY_INDEX is just an array index, would this result in
modifying the wrong bits in the reset register during
mtk_pmic_keys_lp_reset_setup() and failing to properly enable the long-press
hardware reset for the home key on MT6357?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260612200717.361018-1-l.scorcia@gmail.com?part=5
next prev parent reply other threads:[~2026-06-12 20:39 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 20:04 [PATCH v6 0/7] Add support for MT6392 PMIC Luca Leonardo Scorcia
2026-06-12 20:04 ` [PATCH v6 1/7] dt-bindings: mfd: mt6397: Add " Luca Leonardo Scorcia
2026-06-12 20:37 ` sashiko-bot
2026-06-12 20:04 ` [PATCH v6 2/7] dt-bindings: input: mtk-pmic-keys: Add MT6392 PMIC keys Luca Leonardo Scorcia
2026-06-12 20:04 ` [PATCH v6 3/7] mfd: mt6397: Use MFD_CELL_* to describe sub-devices Luca Leonardo Scorcia
2026-06-12 20:04 ` [PATCH v6 4/7] mfd: mt6397: Add support for MT6392 PMIC Luca Leonardo Scorcia
2026-06-12 20:44 ` sashiko-bot
2026-06-12 20:04 ` [PATCH v6 5/7] input: keyboard: mtk-pmic-keys: Add MT6392 support Luca Leonardo Scorcia
2026-06-12 20:39 ` sashiko-bot [this message]
2026-06-12 20:04 ` [PATCH v6 6/7] pinctrl: mediatek: mt6397: Add MediaTek MT6392 Luca Leonardo Scorcia
2026-06-12 20:04 ` [PATCH v6 7/7] arm64: dts: mediatek: Add MediaTek MT6392 PMIC dtsi Luca Leonardo Scorcia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260612203906.E53231F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dmitry.torokhov@gmail.com \
--cc=l.scorcia@gmail.com \
--cc=linux-input@vger.kernel.org \
--cc=robh@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox