From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Wood, Brian J" <brian.j.wood@intel.com>
Date: Fri, 15 Mar 2019 11:37:47 -0700
Subject: [PATCH] media: pci: improper use of pointer before verified as valid

This fixes multiple uses of pointers before they've been
verified as having non-NULL value.

Tracked-On:PKT-1816

Change-Id: Ic9c4857d820e5a7362af97de290776df6f9335c2
Signed-off-by: Wood, Brian J <brian.j.wood@intel.com>
---
 drivers/media/pci/intel/ipu-wrapper.c | 75 +++++++++++++++++----------
 1 file changed, 47 insertions(+), 28 deletions(-)

diff --git a/drivers/media/pci/intel/ipu-wrapper.c b/drivers/media/pci/intel/ipu-wrapper.c
index 047c1f2ee2cf..f2a70cb46ae8 100644
--- a/drivers/media/pci/intel/ipu-wrapper.c
+++ b/drivers/media/pci/intel/ipu-wrapper.c
@@ -224,7 +224,8 @@ u64 shared_memory_alloc(unsigned int mmid, size_t bytes)
 	struct my_css_memory_buffer_item *buf;
 	unsigned long flags;
 
-	dev_dbg(mine->dev, "%s: in, size: %zu\n", __func__, bytes);
+	if (mine)
+		dev_dbg(mine->dev, "%s: in, size: %zu\n", __func__, bytes);
 
 	if (!bytes)
 		return (unsigned long)&alloc_cookie;
@@ -267,6 +268,11 @@ void shared_memory_free(unsigned int mmid, u64 addr)
 	struct my_css_memory_buffer_item *buf = NULL;
 	unsigned long flags;
 
+	if (!mine) {
+                pr_err("Invalid mem subsystem, return. mmid=%d", mmid);
+                return;
+        }
+
 	if ((void *)(unsigned long)addr == &alloc_cookie)
 		return;
 
@@ -308,7 +314,7 @@ u32 shared_memory_map(unsigned int ssid, unsigned int mmid, u64 addr)
 	unsigned long flags;
 
 	if (!mine) {
-		pr_err("Invalid mem subsystem, return NULL");
+		pr_err("Invalid mem subsystem, return NULL. mmid=%d", mmid);
 		return NULL;
 	}
 
@@ -343,9 +349,10 @@ void shared_memory_unmap(unsigned int ssid, unsigned int mmid, u32 addr)
  */
 void shared_memory_store_8(unsigned int mmid, u64 addr, u8 data)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx data = 0x%x\n",
-		__func__, addr, data);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx data = 0x%x\n",
+			__func__, addr, data);
 
 	*((u8 *)(unsigned long) addr) = data;
 	/*Invalidate the cache lines to flush the content to ddr. */
@@ -358,9 +365,10 @@ void shared_memory_store_8(unsigned int mmid, u64 addr, u8 data)
  */
 void shared_memory_store_16(unsigned int mmid, u64 addr, u16 data)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx data = 0x%x\n",
-		__func__, addr, data);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx data = 0x%x\n",
+			__func__, addr, data);
 
 	*((u16 *)(unsigned long) addr) = data;
 	/*Invalidate the cache lines to flush the content to ddr. */
@@ -373,9 +381,10 @@ void shared_memory_store_16(unsigned int mmid, u64 addr, u16 data)
  */
 void shared_memory_store_32(unsigned int mmid, u64 addr, u32 data)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx data = 0x%x\n",
-		__func__, addr, data);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx data = 0x%x\n",
+			__func__, addr, data);
 
 	*((u32 *)(unsigned long) addr) = data;
 	/* Invalidate the cache lines to flush the content to ddr. */
@@ -389,11 +398,12 @@ void shared_memory_store_32(unsigned int mmid, u64 addr, u32 data)
 void shared_memory_store(unsigned int mmid, u64 addr, const void *data,
 			 size_t bytes)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
-		(unsigned long)addr, bytes);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
+			(unsigned long)addr, bytes);
 
-	if (!data) {
+	if (!data && get_mem_sub_system(mmid)) {
 		dev_err(get_mem_sub_system(mmid)->dev,
 			"%s: data ptr is null\n", __func__);
 	} else {
@@ -415,9 +425,10 @@ void shared_memory_store(unsigned int mmid, u64 addr, const void *data,
  */
 void shared_memory_zero(unsigned int mmid, u64 addr, size_t bytes)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx data = 0x%zx\n",
-		__func__, (unsigned long long)addr, bytes);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx data = 0x%zx\n",
+			__func__, (unsigned long long)addr, bytes);
 
 	memset((void *)(unsigned long)addr, 0, bytes);
 	clflush_cache_range((void *)(unsigned long)addr, bytes);
@@ -431,8 +442,9 @@ u8 shared_memory_load_8(unsigned int mmid, u64 addr)
 {
 	u8 data = 0;
 
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx\n", __func__, addr);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx\n", __func__, addr);
 
 	/* Invalidate the cache lines to flush the content to ddr. */
 	clflush_cache_range((void *)(unsigned long)addr, sizeof(u8));
@@ -448,8 +460,9 @@ u16 shared_memory_load_16(unsigned int mmid, u64 addr)
 {
 	u16 data = 0;
 
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx\n", __func__, addr);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx\n", __func__, addr);
 
 	/* Invalidate the cache lines to flush the content to ddr. */
 	clflush_cache_range((void *)(unsigned long)addr, sizeof(u16));
@@ -465,8 +478,9 @@ u32 shared_memory_load_32(unsigned int mmid, u64 addr)
 {
 	u32 data = 0;
 
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%llx\n", __func__, addr);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%llx\n", __func__, addr);
 
 	/* Invalidate the cache lines to flush the content to ddr. */
 	clflush_cache_range((void *)(unsigned long)addr, sizeof(u32));
@@ -480,11 +494,12 @@ u32 shared_memory_load_32(unsigned int mmid, u64 addr)
  */
 void shared_memory_load(unsigned int mmid, u64 addr, void *data, size_t bytes)
 {
-	dev_dbg(get_mem_sub_system(mmid)->dev,
-		"access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
-		(unsigned long)addr, bytes);
+	if (get_mem_sub_system(mmid))
+		dev_dbg(get_mem_sub_system(mmid)->dev,
+			"access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
+			(unsigned long)addr, bytes);
 
-	if (!data) {
+	if (!data && get_mem_sub_system(mmid)) {
 		dev_err(get_mem_sub_system(mmid)->dev,
 			"%s: data ptr is null\n", __func__);
 
@@ -514,6 +529,10 @@ void ipu_wrapper_init(int mmid, struct device *dev, void __iomem *base)
 {
 	struct wrapper_base *sys = get_mem_sub_system(mmid);
 
+	if (!sys) {
+                pr_err("Invalid mem subsystem, return. mmid=%d", mmid);
+                return;
+        }
 	init_wrapper(sys);
 	sys->dev = dev;
 	sys->sys_base = base;
-- 
https://clearlinux.org