Re: [PATCH v1] cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

From: Viresh Kumar
Date: Tue Apr 08 2025 - 01:55:18 EST


On 07-04-25, 12:30, Sudeep Holla wrote:
> On Sat, Apr 05, 2025 at 01:54:47PM +0800, Henry Martin wrote:
> > cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
> > in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for
> > this case, which results in a NULL pointer dereference.
> >
> > Add NULL check after cpufreq_cpu_get_raw() to prevent this issue.
> >
> > Fixes: 99d6bdf33877 ("cpufreq: add support for CPU DVFS based on SCMI message protocol")
> > Signed-off-by: Henry Martin <bsdhenrymartin@xxxxxxxxx>
> > ---
> > drivers/cpufreq/scmi-cpufreq.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/cpufreq/scmi-cpufreq.c b/drivers/cpufreq/scmi-cpufreq.c
> > index c310aeebc8f3..c735f39245bf 100644
> > --- a/drivers/cpufreq/scmi-cpufreq.c
> > +++ b/drivers/cpufreq/scmi-cpufreq.c
> > @@ -37,11 +37,17 @@ static struct cpufreq_driver scmi_cpufreq_driver;
> >
> > static unsigned int scmi_cpufreq_get_rate(unsigned int cpu)
> > {
> > - struct cpufreq_policy *policy = cpufreq_cpu_get_raw(cpu);
> > - struct scmi_data *priv = policy->driver_data;
> > + struct cpufreq_policy *policy;
> > + struct scmi_data *priv;
> > unsigned long rate;
> > int ret;
> >
> > + policy = cpufreq_cpu_get_raw(cpu);
> > + if (!policy)
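
Review bot: the body of the `if (!policy)` branch in scmi_cpufreq_get_rate() is cut off in this quote, so the value returned on the NULL path cannot be checked here. Because the function is declared `static unsigned int`, that path should return 0 rather than a negative errno, which would be converted to a very large rate. The `priv = policy->driver_data` assignment that was dropped from the declarations must also come after the check, otherwise the dereference only moves instead of going away.
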
>
> How about `if (unlikely(!policy))` instead?

Henry, this change applies to all the patches you have sent. Also please send
them as a single series, as they are related changes.

--
viresh