192 lines
6.8 KiB
Diff
192 lines
6.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: "Wood, Brian J" <brian.j.wood@intel.com>
|
|
Date: Fri, 15 Mar 2019 11:37:47 -0700
|
|
Subject: [PATCH] media: pci: improper use of pointer before verified as valid
|
|
|
|
This fixes multiple uses of pointers before they've been
|
|
verified as having non-NULL value.
|
|
|
|
Tracked-On:PKT-1816
|
|
|
|
Change-Id: Ic9c4857d820e5a7362af97de290776df6f9335c2
|
|
Signed-off-by: Wood, Brian J <brian.j.wood@intel.com>
|
|
---
|
|
drivers/media/pci/intel/ipu-wrapper.c | 75 +++++++++++++++++----------
|
|
1 file changed, 47 insertions(+), 28 deletions(-)
|
|
|
|
diff --git a/drivers/media/pci/intel/ipu-wrapper.c b/drivers/media/pci/intel/ipu-wrapper.c
|
|
index 047c1f2..f2a70cb 100644
|
|
--- a/drivers/media/pci/intel/ipu-wrapper.c
|
|
+++ b/drivers/media/pci/intel/ipu-wrapper.c
|
|
@@ -224,7 +224,8 @@ u64 shared_memory_alloc(unsigned int mmid, size_t bytes)
|
|
struct my_css_memory_buffer_item *buf;
|
|
unsigned long flags;
|
|
|
|
- dev_dbg(mine->dev, "%s: in, size: %zu\n", __func__, bytes);
|
|
+ if (mine)
|
|
+ dev_dbg(mine->dev, "%s: in, size: %zu\n", __func__, bytes);
|
|
|
|
if (!bytes)
|
|
return (unsigned long)&alloc_cookie;
|
|
@@ -267,6 +268,11 @@ void shared_memory_free(unsigned int mmid, u64 addr)
|
|
struct my_css_memory_buffer_item *buf = NULL;
|
|
unsigned long flags;
|
|
|
|
+ if (!mine) {
|
|
+ pr_err("Invalid mem subsystem, return. mmid=%d", mmid);
|
|
+ return;
|
|
+ }
|
|
+
|
|
if ((void *)(unsigned long)addr == &alloc_cookie)
|
|
return;
|
|
|
|
@@ -308,7 +314,7 @@ u32 shared_memory_map(unsigned int ssid, unsigned int mmid, u64 addr)
|
|
unsigned long flags;
|
|
|
|
if (!mine) {
|
|
- pr_err("Invalid mem subsystem, return NULL");
|
|
+ pr_err("Invalid mem subsystem, return NULL. mmid=%d", mmid);
|
|
return NULL;
|
|
}
|
|
|
|
@@ -343,9 +349,10 @@ void shared_memory_unmap(unsigned int ssid, unsigned int mmid, u32 addr)
|
|
*/
|
|
void shared_memory_store_8(unsigned int mmid, u64 addr, u8 data)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
- __func__, addr, data);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
+ __func__, addr, data);
|
|
|
|
*((u8 *)(unsigned long) addr) = data;
|
|
/*Invalidate the cache lines to flush the content to ddr. */
|
|
@@ -358,9 +365,10 @@ void shared_memory_store_8(unsigned int mmid, u64 addr, u8 data)
|
|
*/
|
|
void shared_memory_store_16(unsigned int mmid, u64 addr, u16 data)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
- __func__, addr, data);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
+ __func__, addr, data);
|
|
|
|
*((u16 *)(unsigned long) addr) = data;
|
|
/*Invalidate the cache lines to flush the content to ddr. */
|
|
@@ -373,9 +381,10 @@ void shared_memory_store_16(unsigned int mmid, u64 addr, u16 data)
|
|
*/
|
|
void shared_memory_store_32(unsigned int mmid, u64 addr, u32 data)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
- __func__, addr, data);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx data = 0x%x\n",
|
|
+ __func__, addr, data);
|
|
|
|
*((u32 *)(unsigned long) addr) = data;
|
|
/* Invalidate the cache lines to flush the content to ddr. */
|
|
@@ -389,11 +398,12 @@ void shared_memory_store_32(unsigned int mmid, u64 addr, u32 data)
|
|
void shared_memory_store(unsigned int mmid, u64 addr, const void *data,
|
|
size_t bytes)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
|
|
- (unsigned long)addr, bytes);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
|
|
+ (unsigned long)addr, bytes);
|
|
|
|
- if (!data) {
|
|
+ if (!data && get_mem_sub_system(mmid)) {
|
|
dev_err(get_mem_sub_system(mmid)->dev,
|
|
"%s: data ptr is null\n", __func__);
|
|
} else {
|
|
@@ -415,9 +425,10 @@ void shared_memory_store(unsigned int mmid, u64 addr, const void *data,
|
|
*/
|
|
void shared_memory_zero(unsigned int mmid, u64 addr, size_t bytes)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx data = 0x%zx\n",
|
|
- __func__, (unsigned long long)addr, bytes);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx data = 0x%zx\n",
|
|
+ __func__, (unsigned long long)addr, bytes);
|
|
|
|
memset((void *)(unsigned long)addr, 0, bytes);
|
|
clflush_cache_range((void *)(unsigned long)addr, bytes);
|
|
@@ -431,8 +442,9 @@ u8 shared_memory_load_8(unsigned int mmid, u64 addr)
|
|
{
|
|
u8 data = 0;
|
|
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
|
|
/* Invalidate the cache lines to flush the content to ddr. */
|
|
clflush_cache_range((void *)(unsigned long)addr, sizeof(u8));
|
|
@@ -448,8 +460,9 @@ u16 shared_memory_load_16(unsigned int mmid, u64 addr)
|
|
{
|
|
u16 data = 0;
|
|
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
|
|
/* Invalidate the cache lines to flush the content to ddr. */
|
|
clflush_cache_range((void *)(unsigned long)addr, sizeof(u16));
|
|
@@ -465,8 +478,9 @@ u32 shared_memory_load_32(unsigned int mmid, u64 addr)
|
|
{
|
|
u32 data = 0;
|
|
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%llx\n", __func__, addr);
|
|
|
|
/* Invalidate the cache lines to flush the content to ddr. */
|
|
clflush_cache_range((void *)(unsigned long)addr, sizeof(u32));
|
|
@@ -480,11 +494,12 @@ u32 shared_memory_load_32(unsigned int mmid, u64 addr)
|
|
*/
|
|
void shared_memory_load(unsigned int mmid, u64 addr, void *data, size_t bytes)
|
|
{
|
|
- dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
- "access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
|
|
- (unsigned long)addr, bytes);
|
|
+ if (get_mem_sub_system(mmid))
|
|
+ dev_dbg(get_mem_sub_system(mmid)->dev,
|
|
+ "access: %s: Enter addr = 0x%lx bytes = 0x%zx\n", __func__,
|
|
+ (unsigned long)addr, bytes);
|
|
|
|
- if (!data) {
|
|
+ if (!data && get_mem_sub_system(mmid)) {
|
|
dev_err(get_mem_sub_system(mmid)->dev,
|
|
"%s: data ptr is null\n", __func__);
|
|
|
|
@@ -514,6 +529,10 @@ void ipu_wrapper_init(int mmid, struct device *dev, void __iomem *base)
|
|
{
|
|
struct wrapper_base *sys = get_mem_sub_system(mmid);
|
|
|
|
+ if (!sys) {
|
|
+ pr_err("Invalid mem subsystem, return. mmid=%d", mmid);
|
|
+ return;
|
|
+ }
|
|
init_wrapper(sys);
|
|
sys->dev = dev;
|
|
sys->sys_base = base;
|
|
--
|
|
https://clearlinux.org
|
|
|