Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp957602lqs; Wed, 6 Mar 2024 01:47:45 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXomAvKRxmNSlWgEkLMeKXST5NVhNbu84A7r/xQ6q8J0KcwUoDjEQzxqyyeYdIb18LMq6ExWINUPyajjdPSfIv/oX1L1iVWJ/UdgElXRg== X-Google-Smtp-Source: AGHT+IGUvwLNwM93artPUv1ZPkwNamR5jrW7nGWKzAgftBT7oSQdcttgM4qOnl4vWrzku2bHHeKx X-Received: by 2002:a17:906:6845:b0:a45:b9b5:e13a with SMTP id a5-20020a170906684500b00a45b9b5e13amr1054791ejs.75.1709718465730; Wed, 06 Mar 2024 01:47:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709718465; cv=pass; d=google.com; s=arc-20160816; b=y8hh00vpuawn36XY9FLElMhj24beLLilOBUlUXjNJmFYvpM16pKLWGmrcmGYTtZYTW BmLUjNZo8Kw8FrpYLp+HpQZQ4YpCpdUKvPvpEjkO045X4lS4cQ7YWCE1eILxxeCMQDbr 08j+kqYm1CA23mSGXGswJcXhVa16VQaDajk8JHpU5BfqM2cgVjrA1/OMmu9Qk5vZmdYB fr2yNGN7EsQM2dzbO7HV/uZrz/mqwQX+f/wOgjmErmcJFZaSM3raUWzBUH5ZuRYKEr+R xCMEhH7CA5gTpRScVj96yPs6GjVMdBJ4YsioI0TAmreDNd3JzX1NpEqySQAcWGHDvQ0a xbNA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=IXQktx4fldRoQpAzDTFiuBOW9vnYnZVPnipcv5l7YhI=; fh=BUVFUWhdsRvtylOS6YZwzUDTgtpbLp4Lx2bcuHBZgeI=; b=ji+pRGp2rfABIgYBM7+wQ3TtVKftFLgeEbFkRLTQZVvCyYZINQT9L+rvs0LMi6mBIL /TBNudkG/cVRCD34txXTdu9HZZSrLi6z3fThvDNOGtyLrqcQBxcxZSjZEX9YgCN+BlO0 DfapveYsS/lnr3lem6m89gBDEmBfHBso7OcRpIZHjLL0e+jZ406r0RTrVeSDEJW2oG1V 5UXtoaCW+fenSyStMiCJgxgpMPfgceLcFKuqBCpka3W2NqqmygH4Wxa1Ic2TIoZ1Kt3u gYgwmluUv8GjJzW4GeVBfp09KDZYCSdoxE9xn9/aJnaT1xkT8ip6pBTJ8FMbETUdS+k1 gAag==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=TQjayoYA; arc=pass (i=1 spf=pass spfdomain=qualcomm.com dkim=pass dkdomain=quicinc.com dmarc=pass fromdomain=quicinc.com); spf=pass (google.com: domain of linux-kernel+bounces-93659-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93659-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id e21-20020a170906045500b00a3f0b680a63si5898251eja.48.2024.03.06.01.47.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 01:47:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-93659-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=TQjayoYA; arc=pass (i=1 spf=pass spfdomain=qualcomm.com dkim=pass dkdomain=quicinc.com dmarc=pass fromdomain=quicinc.com); spf=pass (google.com: domain of linux-kernel+bounces-93659-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93659-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C1D751F27437 for ; Wed, 6 Mar 2024 09:47:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D91325F578; Wed, 6 Mar 2024 09:45:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="TQjayoYA" Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C8AC5C904; Wed, 6 Mar 2024 09:45:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709718326; cv=none; b=q+45dNn3MwxdaIfsT68YCzGdeCX3+2TccWii25xJsbxUU731vj1GetKp1lT9MEbXOqRU5iiUSG8ghsBtvsqAUu2Y1mh6knGsHabkr4KAfpmHpd91695r5eg212nb6fw+RcnktCHpdEjtyTvoqgM2r1moKN9LYRdaTFB9ZjRhgxY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709718326; c=relaxed/simple; bh=CdamcnFSoH3i2sWATAhJWeRSwegUDWNNTTpSh2vn7NQ=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type; b=njNdCLO7vbHmiebkJ5qDPqHc0jA4TnXjQE+H6nGADkjGM/Ty1d/OiS4z/TnBxBG5rVB9HU6e2x2/tOL8tR0IN2UL4u0bdG/zu9zkmYtLPOBFt0a4KHU6gjVYNJnwa9pWPPCMjVOZoNiip84EOmgmTsLHpCcfRVwDTNSu9XJv9ro= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=qualcomm.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=TQjayoYA; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qualcomm.com Received: from pps.filterd (m0279873.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 426988q2002175; Wed, 6 Mar 2024 09:45:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=qcppdkim1; bh=IXQktx4fldRoQpAzDTFi uBOW9vnYnZVPnipcv5l7YhI=; b=TQjayoYAVEUkhfOm5buyZD1hZYFBOlJcecIO HUH8DlLPc2rqv7eSFMDdScyCW4eKNpsCmClmrgXZ99CMXl72rIv93ELBIkA11FgI jUyEFI3jqRHz4EW+cGGu/0GU7+eWXcaDf1+CeiXFtMOAnvefO/MdoHhcItP8ioc5 OdrF65Owh3MJXo4g6oVamIpRNkK+w3ogDL9OOpuWAdpBZA5zd4a5eDxAxAoe/mdm Ski0xtUkcErxHG3//DLui2z6LtidcL4bMAfYl5lUVXpWkdK5o4nnFlgpunrOfny8 h1dC8BRiyFqQ1iuwkLdbpEUwtTu06qufPQrtFnzegv0pLUcZ6Q== Received: from apblrppmta02.qualcomm.com (blr-bdr-fw-01_GlobalNAT_AllZones-Outside.qualcomm.com [103.229.18.19]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3wpkkarcbw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Mar 2024 09:45:17 +0000 (GMT) Received: from pps.filterd (APBLRPPMTA02.qualcomm.com [127.0.0.1]) by APBLRPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTP id 4269jDZc016031; Wed, 6 Mar 2024 09:45:13 GMT Received: from pps.reinject (localhost [127.0.0.1]) by APBLRPPMTA02.qualcomm.com (PPS) with ESMTP id 3wkw6kt39p-1; Wed, 06 Mar 2024 09:45:13 +0000 Received: from APBLRPPMTA02.qualcomm.com (APBLRPPMTA02.qualcomm.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4269jDA4016026; Wed, 6 Mar 2024 09:45:13 GMT Received: from hu-maiyas-hyd.qualcomm.com (hu-vdadhani-hyd.qualcomm.com [10.213.106.28]) by APBLRPPMTA02.qualcomm.com (PPS) with ESMTP id 4269jDgY016025; Wed, 06 Mar 2024 09:45:13 +0000 Received: by hu-maiyas-hyd.qualcomm.com (Postfix, from userid 4047106) id 7A1F55001D9; Wed, 6 Mar 2024 15:15:12 +0530 (+0530) From: Viken Dadhaniya To: andersson@kernel.org, konrad.dybcio@linaro.org, srinivas.kandagatla@linaro.org, linux-arm-msm@vger.kernel.org, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org Cc: quic_msavaliy@quicinc.com, quic_vtanuku@quicinc.com, quic_anupkulk@quicinc.com, quic_cchiluve@quicinc.com, Viken Dadhaniya Subject: [PATCH v1] slimbus: stream: Add null pointer check to prevent crash Date: Wed, 6 Mar 2024 15:15:07 +0530 Message-Id: <20240306094507.14270-1-quic_vdadhani@quicinc.com> X-Mailer: git-send-email 2.17.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-QCInternal: smtphost X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 7mJj2T4xWfA-Sy2fCjU02MGjinONqC3d X-Proofpoint-GUID: 7mJj2T4xWfA-Sy2fCjU02MGjinONqC3d X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-06_05,2024-03-05_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxscore=0 bulkscore=0 spamscore=0 malwarescore=0 impostorscore=0 suspectscore=0 mlxlogscore=915 clxscore=1015 lowpriorityscore=0 priorityscore=1501 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2402120000 definitions=main-2403060076 We are facing crash due to null pointer dereference of stream in slim_stream_disable(). there is a possible scenario where client driver is calling slimbus stream APIs in incorrect sequence and it might lead to null pointer access of the stream in slimbus enable/disable/prepare/unprepare/free functions. Fix this issue by adding null pointer check of the stream before accessing in all stream API’s exposed to client. Signed-off-by: Viken Dadhaniya --- drivers/slimbus/stream.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/drivers/slimbus/stream.c b/drivers/slimbus/stream.c index 1d6b38657917..c5a436fd0952 100644 --- a/drivers/slimbus/stream.c +++ b/drivers/slimbus/stream.c @@ -202,10 +202,16 @@ static int slim_get_prate_code(int rate) int slim_stream_prepare(struct slim_stream_runtime *rt, struct slim_stream_config *cfg) { - struct slim_controller *ctrl = rt->dev->ctrl; + struct slim_controller *ctrl; struct slim_port *port; int num_ports, i, port_id, prrate; + if (!rt || !cfg) { + pr_err("%s: Stream or cfg is NULL, Check from client side\n", __func__); + return -EINVAL; + } + + ctrl = rt->dev->ctrl; if (rt->ports) { dev_err(&rt->dev->dev, "Stream already Prepared\n"); return -EINVAL; @@ -358,9 +364,15 @@ int slim_stream_enable(struct slim_stream_runtime *stream) { DEFINE_SLIM_BCAST_TXN(txn, SLIM_MSG_MC_BEGIN_RECONFIGURATION, 3, SLIM_LA_MANAGER, NULL); - struct slim_controller *ctrl = stream->dev->ctrl; + struct slim_controller *ctrl; int ret, i; + if (!stream) { + pr_err("%s: Stream is NULL, Check from client side\n", __func__); + return -EINVAL; + } + + ctrl = stream->dev->ctrl; if (ctrl->enable_stream) { ret = ctrl->enable_stream(stream); if (ret) @@ -411,12 +423,18 @@ int slim_stream_disable(struct slim_stream_runtime *stream) { DEFINE_SLIM_BCAST_TXN(txn, SLIM_MSG_MC_BEGIN_RECONFIGURATION, 3, SLIM_LA_MANAGER, NULL); - struct slim_controller *ctrl = stream->dev->ctrl; + struct slim_controller *ctrl; int ret, i; + if (!stream) { + pr_err("%s: Stream is NULL, Check from client side\n", __func__); + return -EINVAL; + } + if (!stream->ports || !stream->num_ports) return -EINVAL; + ctrl = stream->dev->ctrl; if (ctrl->disable_stream) ctrl->disable_stream(stream); @@ -448,6 +466,11 @@ int slim_stream_unprepare(struct slim_stream_runtime *stream) { int i; + if (!stream) { + pr_err("%s: Stream is NULL, Check from client side\n", __func__); + return -EINVAL; + } + if (!stream->ports || !stream->num_ports) return -EINVAL; @@ -476,8 +499,14 @@ EXPORT_SYMBOL_GPL(slim_stream_unprepare); */ int slim_stream_free(struct slim_stream_runtime *stream) { - struct slim_device *sdev = stream->dev; + struct slim_device *sdev; + + if (!stream) { + pr_err("%s: Stream is NULL, Check from client side\n", __func__); + return -EINVAL; + } + sdev = stream->dev; spin_lock(&sdev->stream_list_lock); list_del(&stream->node); spin_unlock(&sdev->stream_list_lock); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation