[PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Henry Martin]

This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.

Henry Martin (2):
  cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
  cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()

 drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
 drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
 2 files changed, 18 insertions(+), 5 deletions(-)

-- 
2.34.1

[PATCH v2 1/2] cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

[Henry Martin]

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for
this case, which results in a NULL pointer dereference.

Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.

Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol")
Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
---
V1 -> V2: Use `if (unlikely(!policy))` instead of `if (!policy)`

 drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c
index c310aeebc8f3..944e899eb1be 100644
--- a/drivers/cpufreq/scmi-cpufreq.c
+++ b/drivers/cpufreq/scmi-cpufreq.c
@@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver;
 
 static unsigned int scmi_cpufreq_get_rate(unsigned int cpu)
 {
-	struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
-	struct scmi_data *priv = policy->driver_data;
+	struct cpufreq_policy *policy;
+	struct scmi_data *priv;
 	unsigned long rate;
 	int ret;
 
+	policy = cpufreq_cpu_get_raw(cpu);
+	if (unlikely(!policy))
+		return 0;
+
+	priv = policy->driver_data;
+
 	ret = perf_ops->freq_get(ph, priv->domain_id, &rate, false);
 	if (ret)
 		return 0;
-- 
2.34.1

[PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()

[Henry Martin]

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for
this case, which results in a NULL pointer dereference.

Fixes: 343a8d17fa8d ("cpufreq: scpi: remove arm_big_little dependency")
Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
---
V1 -> V2: Use `if (unlikely(!policy))` instead of `if (!policy)`

 drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/cpufreq/scpi-cpufreq.c b/drivers/cpufreq/scpi-cpufreq.c
index 17cda84f00df..dcbb0ae7dd47 100644
--- a/drivers/cpufreq/scpi-cpufreq.c
+++ b/drivers/cpufreq/scpi-cpufreq.c
@@ -29,9 +29,16 @@ static struct scpi_ops *scpi_ops;
 
 static unsigned int scpi_cpufreq_get_rate(unsigned int cpu)
 {
-	struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
-	struct scpi_data *priv = policy->driver_data;
-	unsigned long rate = clk_get_rate(priv->clk);
+	struct cpufreq_policy *policy;
+	struct scpi_data *priv;
+	unsigned long rate;
+
+	policy = cpufreq_cpu_get_raw(cpu);
+	if (unlikely(!policy))
+		return 0;
+
+	priv = policy->driver_data;
+	rate = clk_get_rate(priv->clk);
 
 	return rate / 1000;
 }
-- 
2.34.1

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Markus Elfring]

> This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
> and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.
>
> Henry Martin (2):
>   cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
>   cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()

Can any other summary phrase variants become more desirable accordingly?

Regards,
Markus

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Sudeep Holla]

On Tue, Apr 08, 2025 at 09:23:35PM +0200, Markus Elfring wrote:
> > This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
> > and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.
> >
> > Henry Martin (2):
> >   cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
> >   cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
> 
> Can any other summary phrase variants become more desirable accordingly?
> 

This is meaningless, sorry can't parse. Ignoring it as others in the
community are doing already.

-- 
Regards,
Sudeep

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Sudeep Holla]

On Tue, Apr 08, 2025 at 11:03:52PM +0800, Henry Martin wrote:
> This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
> and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.
> 

Acked-by: Sudeep Holla <sudeep.holla@arm.com>

I think unlikely is needed even in this patch[1] and thats what Viresh
meant when he mention all similar changes under one series and consistent
change.

Also I just happened to notice similar patches posted while ago[2][3].
Not sure how to handle the situation though.

-- 
Regards,
Sudeep

[1] https://lore.kernel.org/all/20250405061927.75485-1-bsdhenrymartin@gmail.com/
[2] https://lore.kernel.org/all/20241230093159.258813-1-hanchunchao@inspur.com
[3] https://lore.kernel.org/all/20241230090137.243825-1-hanchunchao@inspur.com

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Markus Elfring]

>> Can any other summary phrase variants become more desirable accordingly?
>
> This is meaningless, sorry can't parse. Ignoring it as others in the
> community are doing already.
Do you care if the term “null pointer dereference” would be used in consistent ways?

Regards,
Markus

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Cristian Marussi]

On Wed, Apr 09, 2025 at 01:48:33PM +0200, Markus Elfring wrote:
> >> Can any other summary phrase variants become more desirable accordingly?

I agree with Sudeep, the above sentence is completely incomprehensible
to me

> >
> > This is meaningless, sorry can't parse. Ignoring it as others in the
> > community are doing already.
> Do you care if the term “null pointer dereference” would be used in consistent ways?
>

...this is more comprehensible, but again I cannot grasp what's yor advice
specifically on this commit message.

Thanks,
Cristian

Re: [v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Markus Elfring]

>>>> Can any other summary phrase variants become more desirable accordingly?
>
> I agree with Sudeep, the above sentence is completely incomprehensible
> to me

Can any suggestions gain acceptance also for better summary phrases?



>>> This is meaningless, sorry can't parse. Ignoring it as others in the
>>> community are doing already.
>> Do you care if the term “null pointer dereference” would be used in consistent ways?
>
> ...this is more comprehensible,

Thanks for another bit of constructive information.


>                                 but again I cannot grasp what's yor advice
> specifically on this commit message.
May the usage of abbreviations be reconsidered once more also for such messages
(in presented update steps)?

Regards,
Markus

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[henry martin]

> I think unlikely is needed even in this patch[1] and thats what Viresh
> meant when he mention all similar changes under one series and consistent
> change.
Thanks for reviewing. I'll send v2 of patch[1] soon.

Sudeep Holla <sudeep.holla@arm.com> 于2025年4月9日周三 19:30写道：
>
> On Tue, Apr 08, 2025 at 11:03:52PM +0800, Henry Martin wrote:
> > This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
> > and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.
> >
>
> Acked-by: Sudeep Holla <sudeep.holla@arm.com>
>
> I think unlikely is needed even in this patch[1] and thats what Viresh
> meant when he mention all similar changes under one series and consistent
> change.
>
> Also I just happened to notice similar patches posted while ago[2][3].
> Not sure how to handle the situation though.
>
> --
> Regards,
> Sudeep
>
> [1] https://lore.kernel.org/all/20250405061927.75485-1-bsdhenrymartin@gmail.com/
> [2] https://lore.kernel.org/all/20241230093159.258813-1-hanchunchao@inspur.com
> [3] https://lore.kernel.org/all/20241230090137.243825-1-hanchunchao@inspur.com

Re: [v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Sudeep Holla]

On Wed, Apr 09, 2025 at 02:25:52PM +0200, Markus Elfring wrote:
> >>>> Can any other summary phrase variants become more desirable accordingly?
> >
> > I agree with Sudeep, the above sentence is completely incomprehensible
> > to me
> 
> Can any suggestions gain acceptance also for better summary phrases?
> 
> 
> 
> >>> This is meaningless, sorry can't parse. Ignoring it as others in the
> >>> community are doing already.
> >> Do you care if the term “null pointer dereference” would be used in consistent ways?
> >
> > ...this is more comprehensible,
> 
> Thanks for another bit of constructive information.
> 
> 
> >                                 but again I cannot grasp what's yor advice
> > specifically on this commit message.
> May the usage of abbreviations be reconsidered once more also for such messages
> (in presented update steps)?
> 

Still can't understand you. Sorry for that. Alternatively, you can do what
I sometimes do: just write the whole commit log as you would expect and see
if that helps. I am sure that helps, so please do that.

-- 
Regards,
Sudeep

Re: [v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Markus Elfring]

>> May the usage of abbreviations be reconsidered once more also for such messages
>> (in presented update steps)?
>
> Still can't understand you. Sorry for that. …

Will any communication challenges need further clarifications also according to
wordings like the following?
* null-ptr-deref
* null pointer dereference

Regards,
Markus

Re: [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()

[Viresh Kumar]

On 08-04-25, 23:03, Henry Martin wrote:
> This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
> and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.
> 
> Henry Martin (2):
>   cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
>   cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
> 
>  drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
>  drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
>  2 files changed, 18 insertions(+), 5 deletions(-)

Applied. Thanks.

-- 
viresh