Commit 3862c92e authored Aug 21, 2024 by Aleksandr Mishin Committed by liwei Aug 21, 2024

remoteproc: imx_rproc: Skip over memory region when node value is NULL

mainline inclusion
from mainline-v6.11-rc1
commit 2fa26ca8b786888673689ccc9da6094150939982
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ5U
CVE: CVE-2024-43860

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2fa26ca8b786888673689ccc9da6094150939982



--------------------------------

In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts
number of phandles. But phandles may be empty. So of_parse_phandle() in
the parsing loop (0 < a < nph) may return NULL which is later dereferenced.
Adjust this issue by adding NULL-return check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a0ff4aa6 ("remoteproc: imx_rproc: add a NXP/Freescale imx_rproc driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240606075204.12354-1-amishin@t-argos.ru


[Fixed title to fit within the prescribed 70-75 charcters]
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Conflicts:
        drivers/remoteproc/imx_rproc.c
[context conflict]
Signed-off-by: dengquan <dengquan9@huawei.com>

parent 62c2bdd0

drivers/remoteproc/imx_rproc.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -287,6 +287,8 @@ static int imx_rproc_addr_init(struct imx_rproc *priv,
		struct resource res;

		node = of_parse_phandle(np, "memory-region", a);
		if (!node)
		continue;
		err = of_address_to_resource(node, 0, &res);
		if (err) {
		dev_err(dev, "unable to resolve memory region\n");