lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250407-wondrous-turtle-of-foundation-e92250@sudeepholla>
Date: Mon, 7 Apr 2025 12:30:57 +0100
From: Sudeep Holla <sudeep.holla@....com>
To: Henry Martin <bsdhenrymartin@...il.com>
Cc: cristian.marussi@....com, rafael@...nel.org, viresh.kumar@...aro.org,
	Sudeep Holla <sudeep.holla@....com>, arm-scmi@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, linux-pm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] cpufreq: scmi: Fix null-ptr-deref in
 scmi_cpufreq_get_rate()

On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote:
> cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
> in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for
> this case, which results in a NULL pointer dereference.
> 
> Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
> 
> Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol")
> Signed-off-by: Henry Martin <bsdhenrymartin@...il.com>
> ---
>  drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c
> index c310aeebc8f3..c735f39245bf 100644
> --- a/drivers/cpufreq/scmi-cpufreq.c
> +++ b/drivers/cpufreq/scmi-cpufreq.c
> @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver;
>  
>  static unsigned int scmi_cpufreq_get_rate(unsigned int cpu)
>  {
> -	struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
> -	struct scmi_data *priv = policy->driver_data;
> +	struct cpufreq_policy *policy;
> +	struct scmi_data *priv;
>  	unsigned long rate;
>  	int ret;
>  
> +	policy = cpufreq_cpu_get_raw(cpu);
> +	if (!policy)

How about `if (unlikely(!policy))` instead ?

With that you can add :

Reviewed-by: Sudeep Holla <sudeep.holla@....com>

Both comment and review applies for scpi-cpufreq.c

-- 
Regards,
Sudeep

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ