Patch "staging: vc04_services: vchiq_core: Log through struct vchiq_instance" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 22 Jan 2024 17:56:25 -0500

This is a note to let you know that I've just added the patch titled

    staging: vc04_services: vchiq_core: Log through struct vchiq_instance

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     staging-vc04_services-vchiq_core-log-through-struct-.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 59ac0d1a9b18e35ca52fab95ebd8f9c0efb61ab0
Author: Umang Jain <umang.jain@xxxxxxxxxxxxxxxx>
Date:   Wed Nov 29 01:48:45 2023 +0530

    staging: vc04_services: vchiq_core: Log through struct vchiq_instance
    
    [ Upstream commit f9c42898830383aff4fdc723828fa93a6abec02d ]
    
    The handle_to_service() helper can return NULL, so `service` pointer
    can indeed be set to NULL. So, do not log through service pointer
    (which can cause NULL-deference), instead, use the vchiq_instance
    function argument to get access to the struct device.
    
    Fixes: f67af5940d6d ("staging: vc04: Convert(and rename) vchiq_log_info() to use dynamic debug")
    Reviewed-by: Ricardo B. Marliere <ricardo@xxxxxxxxxxxx>
    Signed-off-by: Umang Jain <umang.jain@xxxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20231128201845.489237-1-umang.jain@xxxxxxxxxxxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
index 39b857da2d42..8a9eb0101c2e 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
@@ -245,7 +245,7 @@ find_service_by_handle(struct vchiq_instance *instance, unsigned int handle)
 		return service;
 	}
 	rcu_read_unlock();
-	vchiq_log_debug(service->state->dev, VCHIQ_CORE,
+	vchiq_log_debug(instance->state->dev, VCHIQ_CORE,
 			"Invalid service handle 0x%x", handle);
 	return NULL;
 }
@@ -287,7 +287,7 @@ find_service_for_instance(struct vchiq_instance *instance, unsigned int handle)
 		return service;
 	}
 	rcu_read_unlock();
-	vchiq_log_debug(service->state->dev, VCHIQ_CORE,
+	vchiq_log_debug(instance->state->dev, VCHIQ_CORE,
 			"Invalid service handle 0x%x", handle);
 	return NULL;
 }
@@ -310,7 +310,7 @@ find_closed_service_for_instance(struct vchiq_instance *instance, unsigned int h
 		return service;
 	}
 	rcu_read_unlock();
-	vchiq_log_debug(service->state->dev, VCHIQ_CORE,
+	vchiq_log_debug(instance->state->dev, VCHIQ_CORE,
 			"Invalid service handle 0x%x", handle);
 	return service;
 }







