* [PATCH] firmware: arm_scmi: Fix null de-reference on error path
@ 2021-11-12 18:07 Cristian Marussi
2021-11-18 12:08 ` Sudeep Holla
0 siblings, 1 reply; 2+ messages in thread
From: Cristian Marussi @ 2021-11-12 18:07 UTC (permalink / raw)
To: linux-kernel, linux-arm-kernel, virtualization, virtio-dev
Cc: sudeep.holla, cristian.marussi, igor.skalkin, peter.hilber
During channel setup a failure in the call of scmi_vio_feed_vq_rx() leads
to an attempt to access a dev pointer by dereferencing vioch->cinfo at
a time when vioch->cinfo has still to be initialized.
Fix it by providing the device reference directly to scmi_vio_feed_vq_rx.
Fixes: 46abe13b5e3db ("firmware: arm_scmi: Add virtio transport")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
---
drivers/firmware/arm_scmi/virtio.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/arm_scmi/virtio.c b/drivers/firmware/arm_scmi/virtio.c
index c8cab5652daf..c30f82cc59ac 100644
--- a/drivers/firmware/arm_scmi/virtio.c
+++ b/drivers/firmware/arm_scmi/virtio.c
@@ -82,7 +82,8 @@ static bool scmi_vio_have_vq_rx(struct virtio_device *vdev)
}
static int scmi_vio_feed_vq_rx(struct scmi_vio_channel *vioch,
- struct scmi_vio_msg *msg)
+ struct scmi_vio_msg *msg,
+ struct device *dev)
{
struct scatterlist sg_in;
int rc;
@@ -94,8 +95,7 @@ static int scmi_vio_feed_vq_rx(struct scmi_vio_channel *vioch,
rc = virtqueue_add_inbuf(vioch->vqueue, &sg_in, 1, msg, GFP_ATOMIC);
if (rc)
- dev_err(vioch->cinfo->dev,
- "failed to add to RX virtqueue (%d)\n", rc);
+ dev_err(dev, "failed to add to RX virtqueue (%d)\n", rc);
else
virtqueue_kick(vioch->vqueue);
@@ -108,7 +108,7 @@ static void scmi_finalize_message(struct scmi_vio_channel *vioch,
struct scmi_vio_msg *msg)
{
if (vioch->is_rx) {
- scmi_vio_feed_vq_rx(vioch, msg);
+ scmi_vio_feed_vq_rx(vioch, msg, vioch->cinfo->dev);
} else {
/* Here IRQs are assumed to be already disabled by the caller */
spin_lock(&vioch->lock);
@@ -269,7 +269,7 @@ static int virtio_chan_setup(struct scmi_chan_info *cinfo, struct device *dev,
list_add_tail(&msg->list, &vioch->free_list);
spin_unlock_irqrestore(&vioch->lock, flags);
} else {
- scmi_vio_feed_vq_rx(vioch, msg);
+ scmi_vio_feed_vq_rx(vioch, msg, cinfo->dev);
}
}
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] firmware: arm_scmi: Fix null de-reference on error path
2021-11-12 18:07 [PATCH] firmware: arm_scmi: Fix null de-reference on error path Cristian Marussi
@ 2021-11-18 12:08 ` Sudeep Holla
0 siblings, 0 replies; 2+ messages in thread
From: Sudeep Holla @ 2021-11-18 12:08 UTC (permalink / raw)
To: virtio-dev, Cristian Marussi, virtualization, linux-kernel,
linux-arm-kernel
Cc: Sudeep Holla, peter.hilber, igor.skalkin
On Fri, 12 Nov 2021 18:07:05 +0000, Cristian Marussi wrote:
> During channel setup a failure in the call of scmi_vio_feed_vq_rx() leads
> to an attempt to access a dev pointer by dereferencing vioch->cinfo at
> a time when vioch->cinfo has still to be initialized.
>
> Fix it by providing the device reference directly to scmi_vio_feed_vq_rx.
>
>
> [...]
Applied to sudeep.holla/linux (for-next/scmi), thanks!
[1/1] firmware: arm_scmi: Fix null de-reference on error path
https://git.kernel.org/sudeep.holla/c/9516116572
--
Regards,
Sudeep
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-18 12:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-12 18:07 [PATCH] firmware: arm_scmi: Fix null de-reference on error path Cristian Marussi
2021-11-18 12:08 ` Sudeep Holla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).