Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp914910pxb; Wed, 3 Mar 2021 20:54:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJw9CLptIy8eeITCi+zEgx5qZOQBp6zj13SQVLyJKo6L+Z1cWgrsM9IdxXdBGnbRpe/wiYm2 X-Received: by 2002:aa7:cc94:: with SMTP id p20mr2382290edt.353.1614833660489; Wed, 03 Mar 2021 20:54:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614833660; cv=none; d=google.com; s=arc-20160816; b=yy7tCoWEK3783JwhNQYO/QIuwU7/KYAfSL5vsmah4AtUGaVZGYsbrc5BSy+y20Y83O 2OGLIMiqjwlFY/6Oju6cKIpkDK1tKbQLzKDNWmKCDgCftZDQvfIAlu0Po9DFJVZiqwLd Zc19px/JMYzDWaoV/CcCiyRjOb3I0QzFJDFLMb6XGgbwsLrPmryw1bBuVwxkYfrDK0op L5m4ulVBulXfCfiBDZko2R8Bp/Yx2sx47/gmfuQIAqb5b06CUt+xz35ulR6sMEpJbRgO Bk0u7sMqfSGvm4Y2vfumkspa3fyuB4/ORX4CzVzEbEmcnQqMoU427oS/3EpZgh67vuq5 2lOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XDM6u2smwEQ/WTRI6EDcwX49Hpkss1AOmRiIW/a7mo0=; b=dMOGd1hOIo1h8DY5erCMvstcpWgFol+ZcjBcA9eT9F2mZjezLm3ppeKut/JJyRRWyf 5MEDW+F6dh/qZFPOTEEtUErU8buvXEzc/fKLEsFNuu8Cno2l7VAEaM781+BlHLwibk8v fJMmGZznoQeAwA52uu4fdZEprVu9Q9BAV3GRNbIdX8vXhLYU83dgPahmf0XcV4mNYLvv nzejO/uiskF9TyQ9MIzNvAm7sZUDWvAZJkTaeWiKJffpTZJIHw2Aw+0ibnLO50cHm7Z0 /Apsy9ZiSzxL5YDQSZ7ox8zFhR2IVQymPBe1aoig1daps89a7rieLuH7r/BkYw0T4CpW EQSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZSOnHRyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u1si16520488edp.42.2021.03.03.20.53.58; Wed, 03 Mar 2021 20:54:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZSOnHRyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1442631AbhCBCOw (ORCPT + 99 others); Mon, 1 Mar 2021 21:14:52 -0500 Received: from mail.kernel.org ([198.145.29.99]:54202 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232032AbhCATlu (ORCPT ); Mon, 1 Mar 2021 14:41:50 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 169FB65160; Mon, 1 Mar 2021 17:06:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1614618381; bh=j63jNsA8W4gWydGWpODFJVIhG+YXyml+DhvLBEl+VlA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZSOnHRyIU8IA4qW+6Ka6tiyzt826Yb3nnDhREL3Ir0TARxT7LwcXcW5oUmtFVAjR+ bbmtp6jANMF0PbVIcdBDv3syhCanxaWtFP+gfmWYj5K0YZPxLfpF8DWjor2NRREdmZ 4eAmBs0q6T1gjUQ9IdZjZrXbDx6ECY7F/otWPKg8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stefan Wahren , Dan Carpenter , Phil Elwell , Sasha Levin Subject: [PATCH 5.10 037/663] staging: vchiq: Fix bulk userdata handling Date: Mon, 1 Mar 2021 17:04:45 +0100 Message-Id: <20210301161143.624748939@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210301161141.760350206@linuxfoundation.org> References: <20210301161141.760350206@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Phil Elwell [ Upstream commit 96ae327678eceabf455b11a88ba14ad540d4b046 ] The addition of the local 'userdata' pointer to vchiq_irq_queue_bulk_tx_rx omitted the case where neither BLOCKING nor WAITING modes are used, in which case the value provided by the caller is not returned to them as expected, but instead it is replaced with a NULL. This lack of a suitable context may cause the application to crash or otherwise malfunction. Fixes: 4184da4f316a ("staging: vchiq: fix __user annotations") Tested-by: Stefan Wahren Acked-by: Dan Carpenter Signed-off-by: Phil Elwell Link: https://lore.kernel.org/r/20210105162030.1415213-2-phil@raspberrypi.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 01125d9f991bb..5bc9b394212b8 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -953,7 +953,7 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance, struct vchiq_service *service; struct bulk_waiter_node *waiter = NULL; bool found = false; - void *userdata = NULL; + void *userdata; int status = 0; int ret; @@ -992,6 +992,8 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance, "found bulk_waiter %pK for pid %d", waiter, current->pid); userdata = &waiter->bulk_waiter; + } else { + userdata = args->userdata; } /* -- 2.27.0