[PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get

Linux Power Management development
 help / color / mirror / Atom feed

* [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
@ 2025-04-09 12:45 Henry Martin
  2025-04-09 12:52 ` henry martin
  0 siblings, 1 reply; 3+ messages in thread
From: Henry Martin @ 2025-04-09 12:45 UTC (permalink / raw)
  To: sven, j, alyssa, neal, rafael, viresh.kumar
  Cc: asahi, linux-arm-kernel, linux-pm, linux-kernel, Henry Martin

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for
this case, which results in a NULL pointer dereference.

Fixes: 343a8d17fa8d ("cpufreq: scpi: remove arm_big_little dependency")
Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
---
V1 -> V2: Use `if (unlikely(!policy))` instead of `if (!policy)`

 drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/cpufreq/scpi-cpufreq.c b/drivers/cpufreq/scpi-cpufreq.c
index 17cda84f00df..dcbb0ae7dd47 100644
--- a/drivers/cpufreq/scpi-cpufreq.c
+++ b/drivers/cpufreq/scpi-cpufreq.c
@@ -29,9 +29,16 @@ static struct scpi_ops *scpi_ops;
 
 static unsigned int scpi_cpufreq_get_rate(unsigned int cpu)
 {
-	struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
-	struct scpi_data *priv = policy->driver_data;
-	unsigned long rate = clk_get_rate(priv->clk);
+	struct cpufreq_policy *policy;
+	struct scpi_data *priv;
+	unsigned long rate;
+
+	policy = cpufreq_cpu_get_raw(cpu);
+	if (unlikely(!policy))
+		return 0;
+
+	priv = policy->driver_data;
+	rate = clk_get_rate(priv->clk);
 
 	return rate / 1000;
 }
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
  2025-04-09 12:45 [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin
@ 2025-04-09 12:52 ` henry martin
  0 siblings, 0 replies; 3+ messages in thread
From: henry martin @ 2025-04-09 12:52 UTC (permalink / raw)
  To: sven, j, alyssa, neal, rafael, viresh.kumar
  Cc: asahi, linux-arm-kernel, linux-pm, linux-kernel

Sorry for the noise - please disregard this patch as it was sent in error.

Henry Martin <bsdhenrymartin@gmail.com> 于2025年4月9日周三 20:45写道：
>
> cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
> in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for
> this case, which results in a NULL pointer dereference.
>
> Fixes: 343a8d17fa8d ("cpufreq: scpi: remove arm_big_little dependency")
> Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
> ---
> V1 -> V2: Use `if (unlikely(!policy))` instead of `if (!policy)`
>
>  drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/cpufreq/scpi-cpufreq.c b/drivers/cpufreq/scpi-cpufreq.c
> index 17cda84f00df..dcbb0ae7dd47 100644
> --- a/drivers/cpufreq/scpi-cpufreq.c
> +++ b/drivers/cpufreq/scpi-cpufreq.c
> @@ -29,9 +29,16 @@ static struct scpi_ops *scpi_ops;
>
>  static unsigned int scpi_cpufreq_get_rate(unsigned int cpu)
>  {
> -       struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
> -       struct scpi_data *priv = policy->driver_data;
> -       unsigned long rate = clk_get_rate(priv->clk);
> +       struct cpufreq_policy *policy;
> +       struct scpi_data *priv;
> +       unsigned long rate;
> +
> +       policy = cpufreq_cpu_get_raw(cpu);
> +       if (unlikely(!policy))
> +               return 0;
> +
> +       priv = policy->driver_data;
> +       rate = clk_get_rate(priv->clk);
>
>         return rate / 1000;
>  }
> --
> 2.34.1
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate()
@ 2025-04-08 15:03 Henry Martin
  2025-04-08 15:03 ` [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin
  0 siblings, 1 reply; 3+ messages in thread
From: Henry Martin @ 2025-04-08 15:03 UTC (permalink / raw)
  To: sudeep.holla, cristian.marussi, rafael, viresh.kumar
  Cc: arm-scmi, linux-arm-kernel, linux-pm, linux-kernel, Henry Martin

This series fixes potential NULL pointer dereferences in scmi_cpufreq_get_rate()
and scpi_cpufreq_get_rate() when cpufreq_cpu_get_raw() returns NULL.

Henry Martin (2):
  cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
  cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()

 drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
 drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
 2 files changed, 18 insertions(+), 5 deletions(-)

-- 
2.34.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
  2025-04-08 15:03 [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate() Henry Martin
@ 2025-04-08 15:03 ` Henry Martin
  0 siblings, 0 replies; 3+ messages in thread
From: Henry Martin @ 2025-04-08 15:03 UTC (permalink / raw)
  To: sudeep.holla, cristian.marussi, rafael, viresh.kumar
  Cc: arm-scmi, linux-arm-kernel, linux-pm, linux-kernel, Henry Martin

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for
this case, which results in a NULL pointer dereference.

Fixes: 343a8d17fa8d ("cpufreq: scpi: remove arm_big_little dependency")
Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
---
V1 -> V2: Use `if (unlikely(!policy))` instead of `if (!policy)`

 drivers/cpufreq/scpi-cpufreq.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/cpufreq/scpi-cpufreq.c b/drivers/cpufreq/scpi-cpufreq.c
index 17cda84f00df..dcbb0ae7dd47 100644
--- a/drivers/cpufreq/scpi-cpufreq.c
+++ b/drivers/cpufreq/scpi-cpufreq.c
@@ -29,9 +29,16 @@ static struct scpi_ops *scpi_ops;
 
 static unsigned int scpi_cpufreq_get_rate(unsigned int cpu)
 {
-	struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
-	struct scpi_data *priv = policy->driver_data;
-	unsigned long rate = clk_get_rate(priv->clk);
+	struct cpufreq_policy *policy;
+	struct scpi_data *priv;
+	unsigned long rate;
+
+	policy = cpufreq_cpu_get_raw(cpu);
+	if (unlikely(!policy))
+		return 0;
+
+	priv = policy->driver_data;
+	rate = clk_get_rate(priv->clk);
 
 	return rate / 1000;
 }
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-04-09 12:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-09 12:45 [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin
2025-04-09 12:52 ` henry martin
  -- strict thread matches above, loose matches on Subject: below --
2025-04-08 15:03 [PATCH v2 0/2] cpufreq: scmi/scpi: Fix NULL pointer dereference in get_rate() Henry Martin
2025-04-08 15:03 ` [PATCH v2 2/2] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox