lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240820055705.3922754-2-quic_varada@quicinc.com>
Date: Tue, 20 Aug 2024 11:26:59 +0530
From: Varadarajan Narayanan <quic_varada@...cinc.com>
To: <andersson@...nel.org>, <konradybcio@...nel.org>, <robh@...nel.org>,
        <krzk+dt@...nel.org>, <conor+dt@...nel.org>, <mturquette@...libre.com>,
        <sboyd@...nel.org>, <ilia.lin@...nel.org>, <rafael@...nel.org>,
        <viresh.kumar@...aro.org>, <ulf.hansson@...aro.org>,
        <linux-pm@...r.kernel.org>, <linux-arm-msm@...r.kernel.org>,
        <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-clk@...r.kernel.org>
CC: Varadarajan Narayanan <quic_varada@...cinc.com>
Subject: [PATCH v7 1/7] soc: qcom: cpr3: Fix 'acc_desc' usage

cpr3 code assumes that 'acc_desc' is available for SoCs
implementing CPR version 4 or less. However, IPQ9574 SoC
implements CPRv4 without ACC. This causes NULL pointer accesses
resulting in crashes. Hence, check if 'acc_desc' is populated
before using it.

Signed-off-by: Varadarajan Narayanan <quic_varada@...cinc.com>
---
v6: Changes done in the previous version of this patch got squashed
    into Konrad's V15
	- https://lore.kernel.org/lkml/20240708-topic-cpr3h-v15-9-5bc8b8936489@linaro.org/

    In v14, cpr_set_acc() was invoked from cpr_pre_voltage() or
    cpr_post_voltage(). Both of those functions invoked cpr_set_acc()
    only if drv->tcsr was not NULL (and that implied acc_desc != NULL).
    In v15, cpr_pre_voltage() & cpr_post_voltage() have been
    removed and cpr_set_acc() is called even though acc_desc
    is NULL resulting in NULL pointer access.
    Hence allow cpr_set_acc() to proceed only if acc_desc is set.

v5: Add acc_desc check in a different way without breaking other SoC

v4: Undo the acc_desc validation in probe function as that could
    affect other SoC.
---
 drivers/pmdomain/qcom/cpr3.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/pmdomain/qcom/cpr3.c b/drivers/pmdomain/qcom/cpr3.c
index de24973978b7..d594bc79be1c 100644
--- a/drivers/pmdomain/qcom/cpr3.c
+++ b/drivers/pmdomain/qcom/cpr3.c
@@ -536,12 +536,15 @@ static void cpr_corner_restore(struct cpr_thread *thread,
 static void cpr_set_acc(struct cpr_drv *drv, int f)
 {
 	const struct acc_desc *desc = drv->acc_desc;
-	struct reg_sequence *s = desc->settings;
-	int n = desc->num_regs_per_fuse;
+	struct reg_sequence *s;
+	int n;
 
-	if (!drv->tcsr)
+	if (!desc || !drv->tcsr)
 		return;
 
+	s = desc->settings;
+	n = desc->num_regs_per_fuse;
+
 	if (!s || f == drv->fuse_level_set)
 		return;
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ