android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

firmware: qcom_scm: Handle waiting of only non-NULL device pointers

Browse Source 
Some SCM calls pass a NULL device pointer to qcom_scm_call(). If such
functions are made to wait by the underlying firmware via the wait-queue
mechanism, this could lead to a NULL pointer dereference when control
flow reaches qcom_scm_handle_wait(), where the device pointer is
dereferenced via dev_get_drvdata().

Prevent this from happening by ensuring that the device pointer is
non-NULL before handling its waiting state.

Change-Id: Id06ae41dc3e883a4fe75cb0db78a5aaeb2d85f22
Signed-off-by: Guru Das Srinagesh <gurus@codeaurora.org>
This commit is contained in:
Guru Das Srinagesh 2021-09-14 17:09:48 -07:00
parent 6da16ed16b
commit 3b1be7f02c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/firmware/qcom_scm-smc.c
View File

@ -167,6 +167,9 @@ int __scm_smc_call(struct device *dev, const struct qcom_scm_desc *desc,
/* Atomic calls should not wait */
BUG_ON(call_type == QCOM_SCM_CALL_ATOMIC);
if (!dev)
return -EPROBE_DEFER;
wait_res.result[0] = smc_res.a1;
wait_res.result[1] = smc_res.a2;
wait_res.result[2] = smc_res.a3;