[PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup

linux-arm-msm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks
@ 2025-06-22 17:51 Nitin Rawat
  2025-06-23  6:22 ` neil.armstrong
  2025-06-23  9:16 ` neil.armstrong
  0 siblings, 2 replies; 3+ messages in thread
From: Nitin Rawat @ 2025-06-22 17:51 UTC (permalink / raw)
  To: mani, James.Bottomley, martin.petersen, bvanassche, andersson,
	neil.armstrong, konrad.dybcio, dmitry.baryshkov, quic_cang, vkoul
  Cc: linux-arm-msm, linux-kernel, linux-scsi, Nitin Rawat,
	Naresh Kamboju, Aishwarya, Ram Kumar Dwivedi

Fix a NULL pointer dereference in ufs_qcom_setup_clocks due to an
uninitialized 'host' variable. The variable 'phy' is now assigned
after confirming 'host' is not NULL.

Call Stack:

Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000

ufs_qcom_setup_clocks+0x28/0x148 ufs_qcom (P)
ufshcd_setup_clocks (drivers/ufs/core/ufshcd-priv.h:142)
ufshcd_init (drivers/ufs/core/ufshcd.c:9468)
ufshcd_pltfrm_init (drivers/ufs/host/ufshcd-pltfrm.c:504)
ufs_qcom_probe+0x28/0x68 ufs_qcom
platform_probe (drivers/base/platform.c:1404)
really_probe (drivers/base/dd.c:579 drivers/base/dd.c:657)
__driver_probe_device (drivers/base/dd.c:799)
driver_probe_device (drivers/base/dd.c:829)
__driver_attach (drivers/base/dd.c:1216)
bus_for_each_dev (drivers/base/bus.c:370)
driver_attach (drivers/base/dd.c:1234)
bus_add_driver (drivers/base/bus.c:678)
driver_register (drivers/base/driver.c:249)
__platform_driver_register (drivers/base/platform.c:868)
ufs_qcom_pltform_init+0x28/0xff8 ufs_qcom
do_one_initcall (init/main.c:1274)
do_init_module (kernel/module/main.c:3041)
load_module (kernel/module/main.c:3511)
init_module_from_file (kernel/module/main.c:3704)
__arm64_sys_finit_module (kernel/module/main.c:3715.

Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Fixes: 77d2fa54a945 ("scsi: ufs: qcom : Refactor phy_power_on/off calls")
Tested-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> # sc8180x-primus
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: Aishwarya <aishwarya.tcv@arm.com>
Closes: https://lore.kernel.org/lkml/20250620214408.11028-1-aishwarya.tcv@arm.com/
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Closes: https://lore.kernel.org/linux-scsi/CA+G9fYuFQ2dBvYm1iB6rbwT=4b1c8e4NJ3yxqFPGZGUKH3GmMA@mail.gmail.com/T/#t
Co-developed-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
Signed-off-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
Signed-off-by: Nitin Rawat <quic_nitirawa@quicinc.com>
---
 drivers/ufs/host/ufs-qcom.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
index ba4b2880279c..318dca7fe3d7 100644
--- a/drivers/ufs/host/ufs-qcom.c
+++ b/drivers/ufs/host/ufs-qcom.c
@@ -1124,7 +1124,7 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
 				 enum ufs_notify_change_status status)
 {
 	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
-	struct phy *phy = host->generic_phy;
+	struct phy *phy;
 	int err;

 	/*
@@ -1135,6 +1135,8 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
 	if (!host)
 		return 0;

+	phy = host->generic_phy;
+
 	switch (status) {
 	case PRE_CHANGE:
 		if (on) {
--
2.48.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks
  2025-06-22 17:51 [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks Nitin Rawat
@ 2025-06-23  6:22 ` neil.armstrong
  2025-06-23  9:16 ` neil.armstrong
  1 sibling, 0 replies; 3+ messages in thread
From: neil.armstrong @ 2025-06-23  6:22 UTC (permalink / raw)
  To: Nitin Rawat, mani, James.Bottomley, martin.petersen, bvanassche,
	andersson, konrad.dybcio, dmitry.baryshkov, quic_cang, vkoul
  Cc: linux-arm-msm, linux-kernel, linux-scsi, Naresh Kamboju,
	Aishwarya, Ram Kumar Dwivedi

On 22/06/2025 19:51, Nitin Rawat wrote:
> Fix a NULL pointer dereference in ufs_qcom_setup_clocks due to an
> uninitialized 'host' variable. The variable 'phy' is now assigned
> after confirming 'host' is not NULL.
> 
> Call Stack:
> 
> Unable to handle kernel NULL pointer dereference at
> virtual address 0000000000000000
> 
> ufs_qcom_setup_clocks+0x28/0x148 ufs_qcom (P)
> ufshcd_setup_clocks (drivers/ufs/core/ufshcd-priv.h:142)
> ufshcd_init (drivers/ufs/core/ufshcd.c:9468)
> ufshcd_pltfrm_init (drivers/ufs/host/ufshcd-pltfrm.c:504)
> ufs_qcom_probe+0x28/0x68 ufs_qcom
> platform_probe (drivers/base/platform.c:1404)
> really_probe (drivers/base/dd.c:579 drivers/base/dd.c:657)
> __driver_probe_device (drivers/base/dd.c:799)
> driver_probe_device (drivers/base/dd.c:829)
> __driver_attach (drivers/base/dd.c:1216)
> bus_for_each_dev (drivers/base/bus.c:370)
> driver_attach (drivers/base/dd.c:1234)
> bus_add_driver (drivers/base/bus.c:678)
> driver_register (drivers/base/driver.c:249)
> __platform_driver_register (drivers/base/platform.c:868)
> ufs_qcom_pltform_init+0x28/0xff8 ufs_qcom
> do_one_initcall (init/main.c:1274)
> do_init_module (kernel/module/main.c:3041)
> load_module (kernel/module/main.c:3511)
> init_module_from_file (kernel/module/main.c:3704)
> __arm64_sys_finit_module (kernel/module/main.c:3715.
> 
> Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
> Fixes: 77d2fa54a945 ("scsi: ufs: qcom : Refactor phy_power_on/off calls")
> Tested-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> # sc8180x-primus
> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Reported-by: Aishwarya <aishwarya.tcv@arm.com>
> Closes: https://lore.kernel.org/lkml/20250620214408.11028-1-aishwarya.tcv@arm.com/
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Closes: https://lore.kernel.org/linux-scsi/CA+G9fYuFQ2dBvYm1iB6rbwT=4b1c8e4NJ3yxqFPGZGUKH3GmMA@mail.gmail.com/T/#t
> Co-developed-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
> Signed-off-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
> Signed-off-by: Nitin Rawat <quic_nitirawa@quicinc.com>
> ---
>   drivers/ufs/host/ufs-qcom.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
> index ba4b2880279c..318dca7fe3d7 100644
> --- a/drivers/ufs/host/ufs-qcom.c
> +++ b/drivers/ufs/host/ufs-qcom.c
> @@ -1124,7 +1124,7 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
>   				 enum ufs_notify_change_status status)
>   {
>   	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> -	struct phy *phy = host->generic_phy;
> +	struct phy *phy;
>   	int err;
> 
>   	/*
> @@ -1135,6 +1135,8 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
>   	if (!host)
>   		return 0;
> 
> +	phy = host->generic_phy;
> +
>   	switch (status) {
>   	case PRE_CHANGE:
>   		if (on) {
> --
> 2.48.1
> 

Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks
  2025-06-22 17:51 [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks Nitin Rawat
  2025-06-23  6:22 ` neil.armstrong
@ 2025-06-23  9:16 ` neil.armstrong
  1 sibling, 0 replies; 3+ messages in thread
From: neil.armstrong @ 2025-06-23  9:16 UTC (permalink / raw)
  To: Nitin Rawat, mani, James.Bottomley, martin.petersen, bvanassche,
	andersson, konrad.dybcio, dmitry.baryshkov, quic_cang, vkoul
  Cc: linux-arm-msm, linux-kernel, linux-scsi, Naresh Kamboju,
	Aishwarya, Ram Kumar Dwivedi

On 22/06/2025 19:51, Nitin Rawat wrote:
> Fix a NULL pointer dereference in ufs_qcom_setup_clocks due to an
> uninitialized 'host' variable. The variable 'phy' is now assigned
> after confirming 'host' is not NULL.
> 
> Call Stack:
> 
> Unable to handle kernel NULL pointer dereference at
> virtual address 0000000000000000
> 
> ufs_qcom_setup_clocks+0x28/0x148 ufs_qcom (P)
> ufshcd_setup_clocks (drivers/ufs/core/ufshcd-priv.h:142)
> ufshcd_init (drivers/ufs/core/ufshcd.c:9468)
> ufshcd_pltfrm_init (drivers/ufs/host/ufshcd-pltfrm.c:504)
> ufs_qcom_probe+0x28/0x68 ufs_qcom
> platform_probe (drivers/base/platform.c:1404)
> really_probe (drivers/base/dd.c:579 drivers/base/dd.c:657)
> __driver_probe_device (drivers/base/dd.c:799)
> driver_probe_device (drivers/base/dd.c:829)
> __driver_attach (drivers/base/dd.c:1216)
> bus_for_each_dev (drivers/base/bus.c:370)
> driver_attach (drivers/base/dd.c:1234)
> bus_add_driver (drivers/base/bus.c:678)
> driver_register (drivers/base/driver.c:249)
> __platform_driver_register (drivers/base/platform.c:868)
> ufs_qcom_pltform_init+0x28/0xff8 ufs_qcom
> do_one_initcall (init/main.c:1274)
> do_init_module (kernel/module/main.c:3041)
> load_module (kernel/module/main.c:3511)
> init_module_from_file (kernel/module/main.c:3704)
> __arm64_sys_finit_module (kernel/module/main.c:3715.
> 
> Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
> Fixes: 77d2fa54a945 ("scsi: ufs: qcom : Refactor phy_power_on/off calls")
> Tested-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> # sc8180x-primus
> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Reported-by: Aishwarya <aishwarya.tcv@arm.com>
> Closes: https://lore.kernel.org/lkml/20250620214408.11028-1-aishwarya.tcv@arm.com/
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Closes: https://lore.kernel.org/linux-scsi/CA+G9fYuFQ2dBvYm1iB6rbwT=4b1c8e4NJ3yxqFPGZGUKH3GmMA@mail.gmail.com/T/#t
> Co-developed-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
> Signed-off-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
> Signed-off-by: Nitin Rawat <quic_nitirawa@quicinc.com>
> ---
>   drivers/ufs/host/ufs-qcom.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
> index ba4b2880279c..318dca7fe3d7 100644
> --- a/drivers/ufs/host/ufs-qcom.c
> +++ b/drivers/ufs/host/ufs-qcom.c
> @@ -1124,7 +1124,7 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
>   				 enum ufs_notify_change_status status)
>   {
>   	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> -	struct phy *phy = host->generic_phy;
> +	struct phy *phy;
>   	int err;
> 
>   	/*
> @@ -1135,6 +1135,8 @@ static int ufs_qcom_setup_clocks(struct ufs_hba *hba, bool on,
>   	if (!host)
>   		return 0;
> 
> +	phy = host->generic_phy;
> +
>   	switch (status) {
>   	case PRE_CHANGE:
>   		if (on) {
> --
> 2.48.1
> 

Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-HDK
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-QRD
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-HDK

Thanks,
Neil

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-06-23  9:16 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-22 17:51 [PATCH V2] scsi: ufs: qcom : Fix NULL pointer dereference in ufs_qcom_setup_clocks Nitin Rawat
2025-06-23  6:22 ` neil.armstrong
2025-06-23  9:16 ` neil.armstrong

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).