msm: camera: sensor: Add subdev data ptr NULL checks

Add NULL checks for the private device data ptr
returned by v4l2_get_subdevdata for sensor/CCI/PHY/flash
subdevs.

CRs-Fixed: 3605325
Change-Id: I146857a944988655f75327046bebd9b87154939b
Signed-off-by: Shravan Nevatia <[email protected]>
(cherry picked from commit 8eaa13f96deb4d940c25cb6043a06f0b7235966a)

drivers/cam_sensor_module/cam_cci/cam_cci_core.c

@@ -1014,6 +1014,10 @@ static int32_t cam_cci_burst_read(struct v4l2_subdev *sd,
 	void __iomem                       *base = NULL;
 
 	cci_dev = v4l2_get_subdevdata(sd);
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
 	master = c_ctrl->cci_info->cci_i2c_master;
 	read_cfg = &c_ctrl->cfg.cci_i2c_read_cfg;
 
@@ -1305,6 +1309,10 @@ static int32_t cam_cci_read(struct v4l2_subdev *sd,
 	void __iomem *base = NULL;
 
 	cci_dev = v4l2_get_subdevdata(sd);
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
 	master = c_ctrl->cci_info->cci_i2c_master;
 	read_cfg = &c_ctrl->cfg.cci_i2c_read_cfg;
 
@@ -1523,6 +1531,10 @@ static int32_t cam_cci_i2c_write(struct v4l2_subdev *sd,
 	enum cci_i2c_master_t master;
 
 	cci_dev = v4l2_get_subdevdata(sd);
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
 
 	if (cci_dev->cci_state != CCI_STATE_ENABLED) {
 		CAM_ERR(CAM_CCI, "invalid cci: %d state: %d",
@@ -1624,6 +1636,10 @@ static int32_t cam_cci_i2c_write_async(struct v4l2_subdev *sd,
 	struct cam_sensor_i2c_reg_setting *cci_i2c_write_cfg_w;
 
 	cci_dev = v4l2_get_subdevdata(sd);
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
 
 	write_async = kzalloc(sizeof(*write_async), GFP_KERNEL);
 	if (!write_async) {
@@ -1874,6 +1890,10 @@ static int32_t cam_cci_release(struct v4l2_subdev *sd,
 	struct cci_device *cci_dev;
 
 	cci_dev = v4l2_get_subdevdata(sd);
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
 
 	rc = cam_cci_soc_release(cci_dev, master);
 	if (rc < 0) {

drivers/cam_sensor_module/cam_cci/cam_cci_dev.c

@@ -380,8 +380,14 @@ static int cam_cci_irq_routine(struct v4l2_subdev *sd, u32 status,
 {
 	struct cci_device *cci_dev = v4l2_get_subdevdata(sd);
 	irqreturn_t ret;
-	struct cam_hw_soc_info *soc_info =
-		&cci_dev->soc_info;
+	struct cam_hw_soc_info *soc_info = NULL;
+
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return -EINVAL;
+	}
+
+	soc_info = &cci_dev->soc_info;
 
 	ret = cam_cci_irq(soc_info->irq_num[0], cci_dev);
 	if (ret == IRQ_NONE)
@@ -557,6 +563,11 @@ static void cam_cci_component_unbind(struct device *dev,
 	struct cci_device *cci_dev =
 		v4l2_get_subdevdata(subdev);
 
+	if (!cci_dev) {
+		CAM_ERR(CAM_CCI, "cci_dev NULL");
+		return;
+	}
+
 	cam_cpas_unregister_client(cci_dev->cpas_handle);
 	debugfs_root = NULL;
 	cam_cci_soc_remove(pdev, cci_dev);

drivers/cam_sensor_module/cam_csiphy/cam_csiphy_dev.c

@@ -144,6 +144,11 @@ static void cam_csiphy_subdev_handle_message(struct v4l2_subdev *sd,
 		return;
 	}
 
+	if (!csiphy_dev) {
+		CAM_ERR(CAM_CSIPHY, "csiphy_dev ptr is NULL");
+		return;
+	}
+
 	phy_idx = *(uint32_t *)data;
 	if (phy_idx != csiphy_dev->soc_info.index) {
 		CAM_DBG(CAM_CSIPHY, "Current HW IDX: %u, Expected IDX: %u",
@@ -371,6 +376,11 @@ static long cam_csiphy_subdev_ioctl(struct v4l2_subdev *sd,
 	struct csiphy_device *csiphy_dev = v4l2_get_subdevdata(sd);
 	int rc = 0;
 
+	if (!csiphy_dev) {
+		CAM_ERR(CAM_CSIPHY, "csiphy_dev ptr is NULL");
+		return -EINVAL;
+	}
+
 	switch (cmd) {
 	case VIDIOC_CAM_CONTROL:
 		rc = cam_csiphy_core_cfg(csiphy_dev, arg);
@@ -600,6 +610,11 @@ static void cam_csiphy_component_unbind(struct device *dev,
 	struct v4l2_subdev *subdev = platform_get_drvdata(pdev);
 	struct csiphy_device *csiphy_dev = v4l2_get_subdevdata(subdev);
 
+	if (!csiphy_dev) {
+		CAM_ERR(CAM_CSIPHY, "csiphy_dev ptr is NULL");
+		return;
+	}
+
 	cam_csiphy_debug_unregister();
 	CAM_INFO(CAM_CSIPHY, "Unbind CSIPHY component");
 	cam_cpas_unregister_client(csiphy_dev->cpas_handle);

drivers/cam_sensor_module/cam_flash/cam_flash_dev.c

@@ -291,6 +291,10 @@ static long cam_flash_subdev_ioctl(struct v4l2_subdev *sd,
 	CAM_DBG(CAM_FLASH, "Enter");
 
 	fctrl = v4l2_get_subdevdata(sd);
+	if (!fctrl) {
+		CAM_ERR(CAM_FLASH, "Flash ctrl ptr is NULL");
+		return -EINVAL;
+	}
 	soc_private = fctrl->soc_info.soc_private;
 
 	switch (cmd) {

drivers/cam_sensor_module/cam_sensor/cam_sensor_core.c

@@ -1621,6 +1621,10 @@ int cam_sensor_establish_link(struct cam_req_mgr_core_dev_link_setup *link)
 int cam_sensor_power(struct v4l2_subdev *sd, int on)
 {
 	struct cam_sensor_ctrl_t *s_ctrl = v4l2_get_subdevdata(sd);
+	if (!s_ctrl) {
+		CAM_ERR(CAM_SENSOR, "s_ctrl ptr is NULL");
+		return -EINVAL;
+	}
 
 	mutex_lock(&(s_ctrl->cam_sensor_mutex));
 	if (!on && s_ctrl->sensor_state == CAM_SENSOR_START) {