| Message ID | 20240405094005.18545-1-amishin@t-argos.ru (mailing list archive) |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | cppc_cpufreq: Fix possible null pointer dereference | expand |
On 4/5/2024 3:10 PM, Aleksandr Mishin wrote: > cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from > different places with various parameters. So cpufreq_cpu_get() can return > null as 'policy' in some circumstances. > Fix this bug by adding null return check. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: a28b2bfc099c ("cppc_cpufreq: replace per-cpu data array with a list") > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> > --- > drivers/cpufreq/cppc_cpufreq.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c > index 64420d9cfd1e..5f7e04e8497b 100644 > --- a/drivers/cpufreq/cppc_cpufreq.c > +++ b/drivers/cpufreq/cppc_cpufreq.c > @@ -741,6 +741,9 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu) > { > struct cppc_perf_fb_ctrs fb_ctrs_t0 = {0}, fb_ctrs_t1 = {0}; > struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); > + if (!policy) > + return -ENODEV; > + You should be doing this after all variable declaration, somewhere ... ... struct cppc_cpudata *cpu_data; u64 delivered_perf; int ret; if (!policy) return -ENODEV; cpu_data = policy->driver_data; .. .. > struct cppc_cpudata *cpu_data = policy->driver_data; > u64 delivered_perf; > int ret; > @@ -822,6 +825,9 @@ static struct cpufreq_driver cppc_cpufreq_driver = { > static unsigned int hisi_cppc_cpufreq_get_rate(unsigned int cpu) > { > struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); same here. > + if (!policy) > + return -ENODEV; > + > struct cppc_cpudata *cpu_data = policy->driver_data; > u64 desired_perf; > int ret; -Mukesh
On 05-04-24, 12:40, Aleksandr Mishin wrote: > cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from > different places with various parameters. So cpufreq_cpu_get() can return > null as 'policy' in some circumstances. > Fix this bug by adding null return check. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: a28b2bfc099c ("cppc_cpufreq: replace per-cpu data array with a list") > Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> > --- > drivers/cpufreq/cppc_cpufreq.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c > index 64420d9cfd1e..5f7e04e8497b 100644 > --- a/drivers/cpufreq/cppc_cpufreq.c > +++ b/drivers/cpufreq/cppc_cpufreq.c > @@ -741,6 +741,9 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu) > { > struct cppc_perf_fb_ctrs fb_ctrs_t0 = {0}, fb_ctrs_t1 = {0}; > struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); > + if (!policy) > + return -ENODEV; > + > struct cppc_cpudata *cpu_data = policy->driver_data; > u64 delivered_perf; > int ret; > @@ -822,6 +825,9 @@ static struct cpufreq_driver cppc_cpufreq_driver = { > static unsigned int hisi_cppc_cpufreq_get_rate(unsigned int cpu) > { > struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); > + if (!policy) > + return -ENODEV; > + > struct cppc_cpudata *cpu_data = policy->driver_data; > u64 desired_perf; > int ret; Does this compile fine ?
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 64420d9cfd1e..5f7e04e8497b 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -741,6 +741,9 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu) { struct cppc_perf_fb_ctrs fb_ctrs_t0 = {0}, fb_ctrs_t1 = {0}; struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); + if (!policy) + return -ENODEV; + struct cppc_cpudata *cpu_data = policy->driver_data; u64 delivered_perf; int ret; @@ -822,6 +825,9 @@ static struct cpufreq_driver cppc_cpufreq_driver = { static unsigned int hisi_cppc_cpufreq_get_rate(unsigned int cpu) { struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); + if (!policy) + return -ENODEV; + struct cppc_cpudata *cpu_data = policy->driver_data; u64 desired_perf; int ret;
cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: a28b2bfc099c ("cppc_cpufreq: replace per-cpu data array with a list") Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru> --- drivers/cpufreq/cppc_cpufreq.c | 6 ++++++ 1 file changed, 6 insertions(+)