Re: [PATCH] firmware: arm_scmi: Fix NULL dereference on notify error path

Next message: Loic Poulain: "Re: [PATCH 0/2] i2c: qcom-cci: Add DT property for SCL clock stretching"
Previous message: mike . marciniszyn: "[PATCH net-next v3 4/5] eth fbnic: TLV support for use by MBX self test"
In reply to: Dan Carpenter: "Re: [PATCH] firmware: arm_scmi: Fix NULL dereference on notify error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Cristian Marussi

Date: Thu Mar 05 2026 - 10:21:57 EST

On Thu, Mar 05, 2026 at 06:09:47PM +0300, Dan Carpenter wrote:
> On Thu, Mar 05, 2026 at 01:10:11PM +0000, Cristian Marussi wrote:
> > Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier
> > registration for unsupported events") the call chains leading to the helper
> > __scmi_event_handler_get_ops expect an ERR_PTR to be returned on failure to
> > get an handler for the requested event key, while the current helper can
> > still return a NULL when no handler could be found or created.
> >
> > Fix by forcing an ERR_PTR return value when the handler reference is NULL.
> >
> > Fixes: b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier registration for unsupported events")
> > Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
> > ---

Hi Dan,

>
> Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Thanks for you review.

>
> I feel a bit bad about this. I saw this as a Smatch warning last August
> but I somehow marked it as a false positive. :/

:P

...it was tricky because the code is bit convoluted...
...indeed I posted this as a quick easy backportable fix BUT I am gonna
post soon a full rework on top of this around that function and the
whole SCMI notification core code that makes use of cleanup handlers
since they greatly simplify some of the mutexes hell around this
stuff...

Thanks,
Cristian