Message ID | 20240408093536.19485-1-amishin@t-argos.ru (mailing list archive) |
---|---|
State | New |
Delegated to: | viresh kumar |
Headers | show |
Series | [v2] cppc_cpufreq: Fix possible null pointer dereference | expand |
On 08-04-24, 12:35, Aleksandr Mishin wrote: > cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from > different places with various parameters. So cpufreq_cpu_get() can return > null as 'policy' in some circumstances. > Fix this bug by adding null return check. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: a28b2bfc099c ("cppc_cpufreq: replace per-cpu data array with a list") > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> > --- > v2: Fix mixed declarations > > drivers/cpufreq/cppc_cpufreq.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) Applied. Thanks.
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 64420d9cfd1e..15f1d41920a3 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -741,10 +741,15 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu) { struct cppc_perf_fb_ctrs fb_ctrs_t0 = {0}, fb_ctrs_t1 = {0}; struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); - struct cppc_cpudata *cpu_data = policy->driver_data; + struct cppc_cpudata *cpu_data; u64 delivered_perf; int ret; + if (!policy) + return -ENODEV; + + cpu_data = policy->driver_data; + cpufreq_cpu_put(policy); ret = cppc_get_perf_ctrs(cpu, &fb_ctrs_t0); @@ -822,10 +827,15 @@ static struct cpufreq_driver cppc_cpufreq_driver = { static unsigned int hisi_cppc_cpufreq_get_rate(unsigned int cpu) { struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); - struct cppc_cpudata *cpu_data = policy->driver_data; + struct cppc_cpudata *cpu_data; u64 desired_perf; int ret; + if (!policy) + return -ENODEV; + + cpu_data = policy->driver_data; + cpufreq_cpu_put(policy); ret = cppc_get_desired_perf(cpu, &desired_perf);
cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: a28b2bfc099c ("cppc_cpufreq: replace per-cpu data array with a list") Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> --- v2: Fix mixed declarations drivers/cpufreq/cppc_cpufreq.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)