diff mbox series

[SRU,F,1/2] cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value

Message ID 20240910014027.1051871-2-koichiro.den@canonical.com
State New
Headers show
Series CVE-2024-27051 | expand

Commit Message

Koichiro Den Sept. 10, 2024, 1:40 a.m. UTC 
From: Anastasia Belova <abelova@astralinux.ru>

cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it
and return 0 in case of error.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver for Broadcom STB SoCs")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
(cherry picked from f661017e6d326ee187db24194cabb013d81bc2a6)
CVE-2024-27051
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
---
 drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Thibault Ferrante Sept. 10, 2024, 10:14 a.m. UTC | #1 
On 10-09-2024 03:40, Koichiro Den wrote:
> From: Anastasia Belova <abelova@astralinux.ru>
> 
> cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it
> and return 0 in case of error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver for Broadcom STB SoCs")
> Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> (cherry picked from f661017e6d326ee187db24194cabb013d81bc2a6)
Both commits should be `backported from commit` as there is context adjustment done.


> CVE-2024-27051
> Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
> ---
>   drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/cpufreq/brcmstb-avs-cpufreq.c b/drivers/cpufreq/brcmstb-avs-cpufreq.c
> index 541486217984..1302e1900dcb 100644
> --- a/drivers/cpufreq/brcmstb-avs-cpufreq.c
> +++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c
> @@ -457,6 +457,8 @@ static bool brcm_avs_is_firmware_loaded(struct private_data *priv)
>   static unsigned int brcm_avs_cpufreq_get(unsigned int cpu)
>   {
>   	struct cpufreq_policy *policy = cpufreq_cpu_get(cpu);
> +	if (!policy)
> +		return 0;
>   	struct private_data *priv = policy->driver_data;
>   
>   	return brcm_avs_get_frequency(priv->base);
Koichiro Den Sept. 10, 2024, 11:04 a.m. UTC | #2 
On Tue, Sep 10, 2024 at 12:14:31PM +0200, Thibault Ferrante wrote:
> On 10-09-2024 03:40, Koichiro Den wrote:
> > From: Anastasia Belova <abelova@astralinux.ru>
> > 
> > cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it
> > and return 0 in case of error.
> > 
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > 
> > Fixes: de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver for Broadcom STB SoCs")
> > Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
> > Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> > (cherry picked from f661017e6d326ee187db24194cabb013d81bc2a6)
> Both commits should be `backported from commit` as there is context adjustment done.
>
> > --(snip)-- 
Alright. It could be applied with fuzz=1 or 2, so it's context
adjustment. I'll send v2 shortly. The same applies for esm so I'll send
v2 for them as well. Thanks!
diff mbox series

Patch

diff --git a/drivers/cpufreq/brcmstb-avs-cpufreq.c b/drivers/cpufreq/brcmstb-avs-cpufreq.c
index 541486217984..1302e1900dcb 100644
--- a/drivers/cpufreq/brcmstb-avs-cpufreq.c
+++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c
@@ -457,6 +457,8 @@  static bool brcm_avs_is_firmware_loaded(struct private_data *priv)
 static unsigned int brcm_avs_cpufreq_get(unsigned int cpu)
 {
 	struct cpufreq_policy *policy = cpufreq_cpu_get(cpu);
+	if (!policy)
+		return 0;
 	struct private_data *priv = policy->driver_data;
 
 	return brcm_avs_get_frequency(priv->base);