projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fa55b7d)
firmware: arm_scmi: Fix null de-reference on error path
authorCristian Marussi <cristian.marussi@arm.com>
Fri, 12 Nov 2021 18:07:05 +0000 (18:07 +0000)
committerSudeep Holla <sudeep.holla@arm.com>
Mon, 15 Nov 2021 10:58:42 +0000 (10:58 +0000)
During channel setup a failure in the call of scmi_vio_feed_vq_rx() leads
to an attempt to access a dev pointer by dereferencing vioch->cinfo at
a time when vioch->cinfo has still to be initialized.

Fix it by providing the device reference directly to scmi_vio_feed_vq_rx.

Link: https://lore.kernel.org/r/20211112180705.41601-1-cristian.marussi@arm.com
Fixes: 46abe13b5e3db ("firmware: arm_scmi: Add virtio transport")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
drivers/firmware/arm_scmi/virtio.c patch | blob | history

diff --git a/drivers/firmware/arm_scmi/virtio.c b/drivers/firmware/arm_scmi/virtio.c
index 11e8efb..87039c5 100644 (file)
--- a/drivers/firmware/arm_scmi/virtio.c
+++ b/drivers/firmware/arm_scmi/virtio.c
@@ -82,7 +82,8 @@ static bool scmi_vio_have_vq_rx(struct virtio_device *vdev)
 }
 
 static int scmi_vio_feed_vq_rx(struct scmi_vio_channel *vioch,
-                              struct scmi_vio_msg *msg)
+                              struct scmi_vio_msg *msg,
+                              struct device *dev)
 {
        struct scatterlist sg_in;
        int rc;
@@ -94,8 +95,7 @@ static int scmi_vio_feed_vq_rx(struct scmi_vio_channel *vioch,
 
        rc = virtqueue_add_inbuf(vioch->vqueue, &sg_in, 1, msg, GFP_ATOMIC);
        if (rc)
-               dev_err_once(vioch->cinfo->dev,
-                            "failed to add to virtqueue (%d)\n", rc);
+               dev_err_once(dev, "failed to add to virtqueue (%d)\n", rc);
        else
                virtqueue_kick(vioch->vqueue);
 
@@ -108,7 +108,7 @@ static void scmi_finalize_message(struct scmi_vio_channel *vioch,
                                  struct scmi_vio_msg *msg)
 {
        if (vioch->is_rx) {
-               scmi_vio_feed_vq_rx(vioch, msg);
+               scmi_vio_feed_vq_rx(vioch, msg, vioch->cinfo->dev);
        } else {
                /* Here IRQs are assumed to be already disabled by the caller */
                spin_lock(&vioch->lock);
@@ -269,7 +269,7 @@ static int virtio_chan_setup(struct scmi_chan_info *cinfo, struct device *dev,
                        list_add_tail(&msg->list, &vioch->free_list);
                        spin_unlock_irqrestore(&vioch->lock, flags);
                } else {
-                       scmi_vio_feed_vq_rx(vioch, msg);
+                       scmi_vio_feed_vq_rx(vioch, msg, cinfo->dev);
                }
        }
 
Domain: System / Kernel;