Patch "firmware: arm_ffa: Check xa_load() return value" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 29 Jan 2024 08:32:24 -0500

This is a note to let you know that I've just added the patch titled

    firmware: arm_ffa: Check xa_load() return value

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     firmware-arm_ffa-check-xa_load-return-value.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 407375a011519fd5f951fd8b62627a95fc6022bb
Author: Cristian Marussi <cristian.marussi@xxxxxxx>
Date:   Mon Jan 8 12:34:13 2024 +0000

    firmware: arm_ffa: Check xa_load() return value
    
    [ Upstream commit c00d9738fd5fce15dc5494d05b7599dce23e8146 ]
    
    Add a check to verify the result of xa_load() during the partition
    lookups done while registering/unregistering the scheduler receiver
    interrupt callbacks and while executing the main scheduler receiver
    interrupt callback handler.
    
    Fixes: 0184450b8b1e ("firmware: arm_ffa: Add schedule receiver callback mechanism")
    Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
    Link: https://lore.kernel.org/r/20240108-ffa_fixes_6-8-v1-3-75bf7035bc50@xxxxxxx
    Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c
index 8df92c9521f4..0ea1dd6e55c4 100644
--- a/drivers/firmware/arm_ffa/driver.c
+++ b/drivers/firmware/arm_ffa/driver.c
@@ -733,6 +733,11 @@ static void __do_sched_recv_cb(u16 part_id, u16 vcpu, bool is_per_vcpu)
 	void *cb_data;
 
 	partition = xa_load(&drv_info->partition_info, part_id);
+	if (!partition) {
+		pr_err("%s: Invalid partition ID 0x%x\n", __func__, part_id);
+		return;
+	}
+
 	read_lock(&partition->rw_lock);
 	callback = partition->callback;
 	cb_data = partition->cb_data;
@@ -915,6 +920,11 @@ static int ffa_sched_recv_cb_update(u16 part_id, ffa_sched_recv_cb callback,
 		return -EOPNOTSUPP;
 
 	partition = xa_load(&drv_info->partition_info, part_id);
+	if (!partition) {
+		pr_err("%s: Invalid partition ID 0x%x\n", __func__, part_id);
+		return -EINVAL;
+	}
+
 	write_lock(&partition->rw_lock);
 
 	cb_valid = !!partition->callback;







