msm: camera: common: Prevent NULL access in ISP & Sensor driver

Null arguments in ISP and Sensor drivers during init
and deinit calls can result in invalid dereferences
impacting the stability.
This commit adds checks to
handle such invalid arguments.

CRs-Fixed: 3711570
Change-Id: I08727201f787af0d5bc5dbe85acea03bb4db247c
Signed-off-by: Sourabh Soni <[email protected]>

drivers/cam_isp/isp_hw_mgr/cam_ife_hw_mgr.c

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/slab.h>
@@ -14188,8 +14188,7 @@ static int cam_ife_mgr_cmd(void *hw_mgr_priv, void *cmd_args)
 	int rc = 0;
 	struct cam_hw_cmd_args *hw_cmd_args = cmd_args;
 	struct cam_ife_hw_mgr  *hw_mgr = hw_mgr_priv;
-	struct cam_ife_hw_mgr_ctx *ctx = (struct cam_ife_hw_mgr_ctx *)
-		hw_cmd_args->ctxt_to_hw_map;
+	struct cam_ife_hw_mgr_ctx *ctx = NULL;
 	struct cam_isp_hw_cmd_args *isp_hw_cmd_args = NULL;
 	struct cam_packet          *packet;
 	unsigned long rem_jiffies = 0;
@@ -14200,6 +14199,7 @@ static int cam_ife_mgr_cmd(void *hw_mgr_priv, void *cmd_args)
 		return -EINVAL;
 	}
 
+	ctx = (struct cam_ife_hw_mgr_ctx *)hw_cmd_args->ctxt_to_hw_map;
 	if (!ctx || !ctx->flags.ctx_in_use) {
 		CAM_ERR(CAM_ISP, "Fatal: Invalid context is used");
 		return -EPERM;

drivers/cam_isp/isp_hw_mgr/isp_hw/vfe_hw/vfe_top/cam_vfe_camif_lite_ver3.c

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2019-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/slab.h>
@@ -1304,6 +1304,11 @@ int cam_vfe_camif_lite_ver3_deinit(
 		camif_lite_node->res_priv;
 	int                                 i = 0;
 
+	if (!camif_lite_priv) {
+		CAM_ERR(CAM_ISP, "Error! camif_priv is NULL");
+		return -ENODEV;
+	}
+
 	CAM_DBG(CAM_ISP, "VFE:%d CAMIF LITE:%d %s Deinit",
 		camif_lite_node->hw_intf->hw_idx, camif_lite_node->res_id,
 		camif_lite_node->res_name);
@@ -1320,11 +1325,6 @@ int cam_vfe_camif_lite_ver3_deinit(
 
 	camif_lite_node->res_priv = NULL;
 
-	if (!camif_lite_priv) {
-		CAM_ERR(CAM_ISP, "Error. camif_priv is NULL");
-		return -ENODEV;
-	}
-
 	kfree(camif_lite_priv);
 
 	return 0;

drivers/cam_sensor_module/cam_cci/cam_cci_soc.c

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include "cam_cci_dev.h"
@@ -125,12 +125,21 @@ int cam_cci_init(struct v4l2_subdev *sd,
 
 	master = c_ctrl->cci_info->cci_i2c_master;
 	soc_info = &cci_dev->soc_info;
+
+	if (!soc_info) {
+		CAM_ERR(CAM_CCI,
+			"CCI%d_I2C_M%d failed: invalid params soc_info:%pK",
+			cci_dev->soc_info.index, master, soc_info);
+		rc = -EINVAL;
+		return rc;
+	}
+
 	base = soc_info->reg_map[0].mem_base;
 
-	if (!soc_info || !base) {
+	if (!base) {
 		CAM_ERR(CAM_CCI,
-			"CCI%d_I2C_M%d failed: invalid params soc_info:%pK, base:%pK",
-			cci_dev->soc_info.index, master, soc_info, base);
+			"CCI%d_I2C_M%d failed: invalid params base:%pK",
+			cci_dev->soc_info.index, master, base);
 		rc = -EINVAL;
 		return rc;
 	}