From patchwork Tue Jun 14 18:25:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrien Thierry X-Patchwork-Id: 12881362 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 59097C43334 for ; Tue, 14 Jun 2022 18:27:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=fUEqoWgr2Tnfc/wO8BzubIJhkpgSuksx80nobC4cPAg=; b=zN6zrHp/w8XpDP Gu1toZUE6E8vb9ofoQxAUSfbcfr8AgN8847y8jV/+BGDNqLhubp4h2Pl510wWnQIOCYyY6u0Si4Mh yrZZa5TEqMwK6c9GhQPRLpo5sNhtpLjOFMovBK2lyLP3D1NjbvbGrSXzamEb3nRNoXdCRRqMqC+Mc 5NshfOTYvCz3EWYwx3QWnmPRnIBqIMZh8Wif97mQzWYYUyf5IeNeEP7oJON5ByXzDo8Crh+wVqvPq f7jmV/9iS4UX3VB8fdY6mgD/bhXKmgRV8OBs2qHM/mhqyMsZeoeMF2mmQ61iNvuveoJ0l2ENioT9N OogykD4wi8u8znNq0pHQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o1BFH-00AldE-KY; Tue, 14 Jun 2022 18:26:31 +0000 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o1BFD-00AlcF-GZ for linux-arm-kernel@lists.infradead.org; Tue, 14 Jun 2022 18:26:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1655231184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+2ghUAqq8tV/t933HP/EAr/vq6kVXtlGVMho/GYXXI4=; b=SGxFNxSVhpk8ToY2dSoTMFN1wuUCA9fCdP5RYN7Nzrn54fc6RmHfnlOSXCMVqgXhqjrPyz N9vo7ejG7j5rDcvTAPTOq2CVNzl0rgcNQfgGqcITeV4Q2xbwAs1pQLacLCqOyOb+AXtR06 tTv7ad2OYUwNqQP/+L3irvYh7Jd3qdg= Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-122-FgmfJ7MUNI6E1R4CS6jHgw-1; Tue, 14 Jun 2022 14:26:23 -0400 X-MC-Unique: FgmfJ7MUNI6E1R4CS6jHgw-1 Received: by mail-qk1-f199.google.com with SMTP id u8-20020a05620a454800b006a74e6b39eeso8093583qkp.12 for ; Tue, 14 Jun 2022 11:26:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=+2ghUAqq8tV/t933HP/EAr/vq6kVXtlGVMho/GYXXI4=; b=0JmxS15rhyHF8+yUtE/9kryrzNPcecoYGNRPDOkdx7mAZj1f/KsZCVhUOT+pJJGvIZ l/D/nvtoDRrkhFTOlylcbLCWqrtwTvPNzR/Yd1L9Qwh2vSlpE/9Sjz4HKcm1k03cjpip kDLzPi5vGbsg4Zffr+sWc5oU3IuV5uojZrFVuh55kkm/Tr8uHu9f4K1SBHQVDeU7iuZ+ 2fqAjAFbtjgge7oT2lMsYev/d+8hGNKndO/BwX4O+V8bodXfef1JI2pfLxVw1pOq71kE GoVpoQBXNXBXbrraIISqXOrFSsWk8kWsKXwhrDPZTvlxGN6YQ5HlKmCtTAZWWr4fJ9f0 BjxQ== X-Gm-Message-State: AJIora8yOiWM6775NLH65FMYJ5GdjDJJNmP2qhWXD7OuBeO8ToPdScVk SAeKVNLAR/oH+s7hWq7d36ea68bxGHiu4BS+S3odhb2ZRP2MgTmbKlMmpqO2axcdHrkhgrTF2q9 L6RI/z7CAAMk4eLztCXWcHMuoCVlc/z1XoZc= X-Received: by 2002:ad4:5c66:0:b0:464:67f7:7fa6 with SMTP id i6-20020ad45c66000000b0046467f77fa6mr4765304qvh.39.1655231182687; Tue, 14 Jun 2022 11:26:22 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uzQsD1blOZeQyV34RqpAWS2lJj/DpXWIAfN92HwdNW4hTCj3v7/yXuU/npHeWWIfzrRCm8lw== X-Received: by 2002:ad4:5c66:0:b0:464:67f7:7fa6 with SMTP id i6-20020ad45c66000000b0046467f77fa6mr4765288qvh.39.1655231182449; Tue, 14 Jun 2022 11:26:22 -0700 (PDT) Received: from fedora.hitronhub.home (modemcable200.11-22-96.mc.videotron.ca. [96.22.11.200]) by smtp.gmail.com with ESMTPSA id c20-20020ac853d4000000b00304e38fb3dasm7590260qtq.35.2022.06.14.11.26.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Jun 2022 11:26:22 -0700 (PDT) From: Adrien Thierry To: Florian Fainelli , Broadcom internal kernel review list , Greg Kroah-Hartman Cc: Dan Carpenter , Adrien Thierry , linux-rpi-kernel@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-staging@lists.linux.dev Subject: [PATCH] staging: vchiq_arm: check vchiq_instance for NULL before dereferencing Date: Tue, 14 Jun 2022 14:25:44 -0400 Message-Id: <20220614182544.690630-1-athierry@redhat.com> X-Mailer: git-send-email 2.35.3 MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=athierry@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220614_112627_665409_081949C7 X-CRM114-Status: GOOD ( 11.53 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In service_callback(), the vchiq_instance is checked for NULL after dereferencing it. Switch the order of those operations. This was reported by https://lore.kernel.org/all/Yqc+Oavmh0zMRVPQ@kili/ I moved the NULL check before the call to rcu_read_lock() since access to the vchiq_instance is not RCU-protected (the RCU is only used to access the vchiq_service). Signed-off-by: Adrien Thierry --- .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) base-commit: de9257ae1d3b0d8856955045d194e3ff4f278394 diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 3bcb893d14a1..ba1f86799b7f 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1058,6 +1058,9 @@ service_callback(struct vchiq_instance *instance, enum vchiq_reason reason, DEBUG_TRACE(SERVICE_CALLBACK_LINE); + if (!instance || instance->closing) + return VCHIQ_SUCCESS; + rcu_read_lock(); service = handle_to_service(instance, handle); if (WARN_ON(!service)) { @@ -1067,11 +1070,6 @@ service_callback(struct vchiq_instance *instance, enum vchiq_reason reason, user_service = (struct user_service *)service->base.userdata; - if (!instance || instance->closing) { - rcu_read_unlock(); - return VCHIQ_SUCCESS; - } - /* * As hopping around different synchronization mechanism, * taking an extra reference results in simpler implementation.