Patch "iio: accel: bma400: Fix uninitialized variable field_value in tap event handling." has been added to the 6.11-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 22 Oct 2024 13:39:45 -0400

This is a note to let you know that I've just added the patch titled

    iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.

to the 6.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iio-accel-bma400-fix-uninitialized-variable-field_va.patch
and it can be found in the queue-6.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 5abd35b058a4a1a9b96b9b53e45194b68d555926
Author: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
Date:   Tue Sep 10 04:36:20 2024 -0400

    iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.
    
    [ Upstream commit db9795a43dc944f048a37b65e06707f60f713e34 ]
    
    In the current implementation, the local variable field_value is used
    without prior initialization, which may lead to reading uninitialized
    memory. Specifically, in the macro set_mask_bits, the initial
    (potentially uninitialized) value of the buffer is copied into old__,
    and a mask is applied to calculate new__. A similar issue was resolved in
    commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use
    of unintialized value.").
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events")
    Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
    Link: https://patch.msgid.link/20240910083624.27224-1-m.lobanov@xxxxxxxxxxxx
    Signed-off-by: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c
index e90e2f01550ad..04083b7395ab8 100644
--- a/drivers/iio/accel/bma400_core.c
+++ b/drivers/iio/accel/bma400_core.c
@@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data,
 static int bma400_tap_event_en(struct bma400_data *data,
 			       enum iio_event_direction dir, int state)
 {
-	unsigned int mask, field_value;
+	unsigned int mask;
+	unsigned int field_value = 0;
 	int ret;
 
 	/*







