| Message ID | 20250405055447.73925-1-bsdhenrymartin@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Delegated to: | viresh kumar |
| Headers | show |
| Series | [v1] cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() | expand |
…
> Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
Can any other summary phrase variant become more desirable accordingly?
Regards,
Markus
On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote: > cpufreq_cpu_get_raw() can return NULL when the target CPU is not present > in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for > this case, which results in a NULL pointer dereference. > > Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. > > Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol") > Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> > --- > drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c > index c310aeebc8f3..c735f39245bf 100644 > --- a/drivers/cpufreq/scmi-cpufreq.c > +++ b/drivers/cpufreq/scmi-cpufreq.c > @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver; > > static unsigned int scmi_cpufreq_get_rate(unsigned int cpu) > { > - struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu); > - struct scmi_data *priv = policy->driver_data; > + struct cpufreq_policy *policy; > + struct scmi_data *priv; > unsigned long rate; > int ret; > > + policy = cpufreq_cpu_get_raw(cpu); > + if (!policy) How about `if (unlikely(!policy))` instead ? With that you can add : Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> Both comment and review applies for scpi-cpufreq.c
On 07-04-25, 12:30, Sudeep Holla wrote: > On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote: > > cpufreq_cpu_get_raw() can return NULL when the target CPU is not present > > in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for > > this case, which results in a NULL pointer dereference. > > > > Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. > > > > Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol") > > Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> > > --- > > drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++-- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c > > index c310aeebc8f3..c735f39245bf 100644 > > --- a/drivers/cpufreq/scmi-cpufreq.c > > +++ b/drivers/cpufreq/scmi-cpufreq.c > > @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver; > > > > static unsigned int scmi_cpufreq_get_rate(unsigned int cpu) > > { > > - struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu); > > - struct scmi_data *priv = policy->driver_data; > > + struct cpufreq_policy *policy; > > + struct scmi_data *priv; > > unsigned long rate; > > int ret; > > > > + policy = cpufreq_cpu_get_raw(cpu); > > + if (!policy) > > How about `if (unlikely(!policy))` instead ? Henry, this change applies to all the patches you have sent. Also please send them as a single series, as they are related changes.
> How about `if (unlikely(!policy))` instead ? Agreed, unlikely() makes sense here since the NULL check is for an exceptional case. I'll update all relevant patches accordingly. > Henry, this change applies to all the patches you have sent. Also please send > them as a single series, as they are related changes. Noted. I’ll consolidate the patches into a single series with a proper cover letter and resend them shortly. Viresh Kumar <viresh.kumar@linaro.org> 于2025年4月8日周二 13:55写道: > > On 07-04-25, 12:30, Sudeep Holla wrote: > > On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote: > > > cpufreq_cpu_get_raw() can return NULL when the target CPU is not present > > > in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for > > > this case, which results in a NULL pointer dereference. > > > > > > Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. > > > > > > Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol") > > > Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> > > > --- > > > drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++-- > > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > > > diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c > > > index c310aeebc8f3..c735f39245bf 100644 > > > --- a/drivers/cpufreq/scmi-cpufreq.c > > > +++ b/drivers/cpufreq/scmi-cpufreq.c > > > @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver; > > > > > > static unsigned int scmi_cpufreq_get_rate(unsigned int cpu) > > > { > > > - struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu); > > > - struct scmi_data *priv = policy->driver_data; > > > + struct cpufreq_policy *policy; > > > + struct scmi_data *priv; > > > unsigned long rate; > > > int ret; > > > > > > + policy = cpufreq_cpu_get_raw(cpu); > > > + if (!policy) > > > > How about `if (unlikely(!policy))` instead ? > > Henry, this change applies to all the patches you have sent. Also please send > them as a single series, as they are related changes. > > -- > viresh
diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c index c310aeebc8f3..c735f39245bf 100644 --- a/drivers/cpufreq/scmi-cpufreq.c +++ b/drivers/cpufreq/scmi-cpufreq.c @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver; static unsigned int scmi_cpufreq_get_rate(unsigned int cpu) { - struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu); - struct scmi_data *priv = policy->driver_data; + struct cpufreq_policy *policy; + struct scmi_data *priv; unsigned long rate; int ret; + policy = cpufreq_cpu_get_raw(cpu); + if (!policy) + return 0; + + priv = policy->driver_data; + ret = perf_ops->freq_get(ph, priv->domain_id, &rate, false); if (ret) return 0;
cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol") Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> --- drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)