soc: qcom: hab: fix some NULL pointer dereference issues

With this patch, some potential NULL pointer dereference
issues are resolved. For example, if an invalid MMID
(MultiMedia ID defined by HAB driver) is gotten but we
fail to directly return with an error, the vchan variable
as NULL pointer will be dereferenced.

Change-Id: I92f9c5d08f99ef9db3e6a8b2ecdc0f074c8e8bff
Signed-off-by: Yong Ding <yongding@codeaurora.org>

diff --git a/drivers/soc/qcom/hab/hab.c b/drivers/soc/qcom/hab/hab.c
index ef249bc..53045fc 100644 (file)
--- a/drivers/soc/qcom/hab/hab.c
+++ b/drivers/soc/qcom/hab/hab.c
@@ -283,7 +283,7 @@ struct virtual_channel *frontend_open(struct uhab_context *ctx,
                pr_err("vchan alloc failed\n");
                ret = -ENOMEM;
                goto err;
-       } else
+       }
 
        /* Send Init sequence */
        hab_open_request_init(&request, HAB_PAYLOAD_TYPE_INIT, pchan,
@@ -667,6 +667,7 @@ int hab_vchan_open(struct uhab_context *ctx,
                        }
                } else {
                        pr_err("failed to find device, mmid %d\n", mmid);
+                       return -ENODEV;
                }
        }
 

diff --git a/drivers/soc/qcom/hab/qvm_comm.c b/drivers/soc/qcom/hab/qvm_comm.c
index 0438123..2257be0 100644 (file)
--- a/drivers/soc/qcom/hab/qvm_comm.c
+++ b/drivers/soc/qcom/hab/qvm_comm.c
@@ -70,9 +70,14 @@ int physical_channel_send(struct physical_channel *pchan,
                struct habmm_xing_vm_stat *pstat =
                        (struct habmm_xing_vm_stat *)payload;
 
-               do_gettimeofday(&tv);
-               pstat->tx_sec = tv.tv_sec;
-               pstat->tx_usec = tv.tv_usec;
+               if (pstat) {
+                       do_gettimeofday(&tv);
+                       pstat->tx_sec = tv.tv_sec;
+                       pstat->tx_usec = tv.tv_usec;
+               } else {
+                       spin_unlock_bh(&dev->io_lock);
+                       return -EINVAL;
+               }
        }
 
        if (sizebytes) {