xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

staging: vchiq_core: handle NULL result of find_service_by_handle

Browse Source 
[ Upstream commit ca225857faf237234d2fffe5d1919467dfadd822 ]

In case of an invalid handle the function find_servive_by_handle
returns NULL. So take care of this and avoid a NULL pointer dereference.

Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Link: https://lore.kernel.org/r/1642968143-19281-18-git-send-email-stefan.wahren@i2se.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Stefan Wahren
2022-01-23 21:02:22 +01:00
committed by Greg Kroah-Hartman
parent be4ecca958
commit aa0b729678
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
View File

@@ -2280,6 +2280,9 @@ void vchiq_msg_queue_push(unsigned int handle, struct vchiq_header *header)
struct vchiq_service *service = find_service_by_handle(handle); struct vchiq_service *service = find_service_by_handle(handle);
int pos; int pos;
if (!service)
return;
while (service->msg_queue_write == service->msg_queue_read + while (service->msg_queue_write == service->msg_queue_read +
VCHIQ_MAX_SLOTS) { VCHIQ_MAX_SLOTS) {
if (wait_for_completion_interruptible(&service->msg_queue_pop)) if (wait_for_completion_interruptible(&service->msg_queue_pop))
@@ -2299,6 +2302,9 @@ struct vchiq_header *vchiq_msg_hold(unsigned int handle)
struct vchiq_header *header; struct vchiq_header *header;
int pos; int pos;
if (!service)
return NULL;
if (service->msg_queue_write == service->msg_queue_read) if (service->msg_queue_write == service->msg_queue_read)
return NULL; return NULL;