gpiolib: fix lookup table matching

If on any iteration in gpiod_find(), gpio_desc_table_match() returns
NULL (which is normal and expected), we never reinitialize desc back to
ERR_PTR(-ENOENT) and if we don't find a match later on, we will return
NULL causing a NULL-pointer dereference in users not expecting it. Don't
initialize desc, but return ERR_PTR(-ENOENT) explicitly at the end of
the function.

Fixes: 9700b0fccf38 ("gpiolib: allow multiple lookup tables per consumer")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Closes: https://lore.kernel.org/all/00107523-7737-4b92-a785-14ce4e93b8cb@samsung.com/
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20260108102314.18816-1-bartosz.golaszewski@oss.qualcomm.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index c06152b16dbc77b827ebad49a9df52fcce527592..dcf427d3cf437ffe7c144c027e01235d499a92d3 100644 (file)
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -4602,8 +4602,8 @@ static struct gpio_desc *gpio_desc_table_match(struct device *dev, const char *c
 static struct gpio_desc *gpiod_find(struct device *dev, const char *con_id,
                                    unsigned int idx, unsigned long *flags)
 {
-       struct gpio_desc *desc = ERR_PTR(-ENOENT);
        struct gpiod_lookup_table *table;
+       struct gpio_desc *desc;
 
        guard(mutex)(&gpio_lookup_lock);
 
@@ -4619,7 +4619,7 @@ static struct gpio_desc *gpiod_find(struct device *dev, const char *con_id,
                return desc;
        }
 
-       return desc;
+       return ERR_PTR(-ENOENT);
 }
 
 static int platform_gpio_count(struct device *dev, const char *con_id)