| Message ID | 20241209-qcom-scm-missing-barriers-and-all-sort-of-srap-v2-3-9061013c8d92@linaro.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | firmware: qcom: scm: Fixes for concurrency | expand |
On Mon, 9 Dec 2024 at 15:28, Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> wrote: > > The SCM driver can defer or fail probe, or just load a bit later so > callers of qcom_scm_assign_mem() should defer if the device is not ready. > > This fixes theoretical NULL pointer exception, triggered via introducing > probe deferral in SCM driver with call trace: > > qcom_tzmem_alloc+0x70/0x1ac (P) > qcom_tzmem_alloc+0x64/0x1ac (L) > qcom_scm_assign_mem+0x78/0x194 > qcom_rmtfs_mem_probe+0x2d4/0x38c > platform_probe+0x68/0xc8 > > Fixes: d82bd359972a ("firmware: scm: Add new SCM call API for switching memory ownership") > Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> > > --- > Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 5d91b8e22844608f35432f1ba9c08d477d4ff762..93212c8f20ad65ecc44804b00f4b93e3eaaf8d95 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1075,6 +1075,9 @@ int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz, int ret, i, b; u64 srcvm_bits = *srcvm; + if (!qcom_scm_is_available()) + return -EPROBE_DEFER; + src_sz = hweight64(srcvm_bits) * sizeof(*src); mem_to_map_sz = sizeof(*mem_to_map); dest_sz = dest_cnt * sizeof(*destvm);
The SCM driver can defer or fail probe, or just load a bit later so callers of qcom_scm_assign_mem() should defer if the device is not ready. This fixes theoretical NULL pointer exception, triggered via introducing probe deferral in SCM driver with call trace: qcom_tzmem_alloc+0x70/0x1ac (P) qcom_tzmem_alloc+0x64/0x1ac (L) qcom_scm_assign_mem+0x78/0x194 qcom_rmtfs_mem_probe+0x2d4/0x38c platform_probe+0x68/0xc8 Fixes: d82bd359972a ("firmware: scm: Add new SCM call API for switching memory ownership") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> --- I am not sure about commit introducing it (Fixes tag) thus not Cc-ing stable. --- drivers/firmware/qcom/qcom_scm.c | 3 +++ 1 file changed, 3 insertions(+)