From nobody Mon Feb 9 16:45:56 2026 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 276B8331209 for ; Thu, 15 Jan 2026 08:29:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768465779; cv=none; b=RUz4zyMLxXu1e9WcnMP5gD4WDMgXR7eA6sCj6/WSuoGyfpbhtnAot45ZeYpB2h/2tfpDyAtz2av21pa8icHmlAzs8LU2X8zXN1FK7slm9FDZSubmBA480SU85fULMDndKtBRHdH3mbtqW8/svhEjKmCFdMal4DvLqivwZ6zzpXw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768465779; c=relaxed/simple; bh=b73oRmsUcCEr+kAZMeuVAMxNJUAgmIX9NK3DcBwLVN4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=EuRucwKJqvOghVyNs9FC/lCdFRczx29FqpFbF6QFd8mliGnSVXjexi/O8lmvVjslTy63WoqhH5CdvWqY6pMSeb6FyP4jqGz68NZ1wTMyT9KU+w/D16xoT6wPbvY7/TGMLYV3AvRRlhVmjw6IMrA7Q/UYDthtK2v9SjPSSwzP6So= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=afbY9jeP; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=Y6BBlPgz; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="afbY9jeP"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="Y6BBlPgz" Received: from pps.filterd (m0279865.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 60F6fl971850921 for ; Thu, 15 Jan 2026 08:29:31 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=qcppdkim1; bh=gXRRzI8PFSG Xkse4fblghbMDCYBL2rAyR0rE6A7MHy0=; b=afbY9jePQLJ4T8Riy9B6Fz6uBKl 9aJtbGD5R+Gx9wsLEotDYHrdQMhqjlLFvk4XxvKxmQfEk+3NMteHJ6ko3XKi33dU lCeHLZxtfJW174Eg/bmF6gmbYTqfDmPd2TyQdFSEmTnrQDLcEBbDvtDzDAPbU9Td geTNliMi5lgOILPcKXmLRY+hr+XwvjrgNQ3+btaVxCuhoobC1GHYw33JaSX0QRjL A//cpllfpTxDz+x8qe5RqiJdWLPw6iNNNerk946RMqEt0axc7oobAcdZ+6z/aQSD gVFy6qjEjT5WYR0sIy8U3MU8JxV3e0v7Rxyu1+6EEsZh76tcHT0Kh2Z5WyA== Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4bprej0q03-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Thu, 15 Jan 2026 08:29:31 +0000 (GMT) Received: by mail-pf1-f197.google.com with SMTP id d2e1a72fcca58-81e9d0c656fso1419063b3a.0 for ; Thu, 15 Jan 2026 00:29:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1768465771; x=1769070571; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gXRRzI8PFSGXkse4fblghbMDCYBL2rAyR0rE6A7MHy0=; b=Y6BBlPgzJIoJuXD/RKAL/P/GTWK6MGxq6MDEH2mvKPLWi1x/qBlNtOYfEi8vYwWYmx 03c0yDBJL7rJNVoGxj3gwsuPxhnar1fjEtpKihCWN8hyDwYPcNUGWwMYh8bJ4CRpqXv7 K2Wldw6lljizuhkK0QDrYnaeDnJU5QpeGny7ShJm77MmD6RC+2njsaQyKBFM23fUeNtr aJoxb6iZ0xXClYWkeuDGMJFgyF7jlF/aS5l2m2Ik5YMHxZ3pYfNWW5MbSislclkFA5zi KrBzo1RVREpWFh2XwzF03+Qph+1UWVMtIoWhf1jEuI0Ds483VJZkfEZXVFltXb3e1R4S 87QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768465771; x=1769070571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=gXRRzI8PFSGXkse4fblghbMDCYBL2rAyR0rE6A7MHy0=; b=Xf0wjN5kILOcMubrb/Yb5XVR535zIzpC+cTPSnto2jRg1FiJrMC6ntsebiXoO91v1h gpigW9IsfMtLEU4gbqciDQfehBlhaFb4li+191G+N9f/yGLaEy2a2Y+dEpugbsaapc+L oamQLNZ4A+YvwTnCvooFDUH/id3ZITKQkkBa7R0m7INtj1/7e3xkTelqSUC5u3r0faUW JZTsVvKXdMAoN7tpPiAlI/VLrgGyIAIXST9Xdds0fJFkjR3N79UP6R3WzHRoBN5SlXE1 sS/OGOZwah0WvPm7TQfANWBkwMk2V62ikW9eu52R5khnwFbz5bfir+Hf+xU/HgLn2nDS daUA== X-Forwarded-Encrypted: i=1; AJvYcCW+odCrb8of0nNkyGSaI82c43ajsbR53pp6Q7YspMbxDoPDl47rOKj+ufi4NcRbMJ2AngYN7UPE6KA/tVQ=@vger.kernel.org X-Gm-Message-State: AOJu0YxZOO4LYveuR/aNSrQxN/KIEQ52w5waNZUeYSk0ETHo1O2EGNFi LbPBbh6glPZfxNgrZ9w7H4e+Vow6ir37d6SWlRUNh6xI/cvFUgdlrrzxdAKehK5yd0KOS6W4WuW PtZJzYW0alNUkCVMSy3FqIdRV13pghY6drlFSlkS0eG9ZAc9m+IZfbypePK9XfY6EQcw= X-Gm-Gg: AY/fxX5JBsmOgjcHyscEMTIhWZ5ado3kXPEVQn8wDbyjoqYUB11JbZPVtb+jIqUjtY6 IFZkUZO8NC8uHxBF/wqv4VhUK3YQNQpp5s/tO6Q/s+Nn779LdrmSOWs3m62aCiGMvVkZKj3oIUP gbX5fOVZCZ/B26XTkxd2ofYS6wZPz16PvCUKpd+PQeCXLGRxjyHil3bk7bnEd8zl4N+e8tfvkNG OPGjTeIr8LxLntPcV92z+IXnmdaGYajKk0AxSF9LQ4A7a9A89yIyticdUGhSRro1wqjz8kEbMLY Fn6MWFMc+1p0rDABRlnWvj+Kbt58Ki/Kib/pHNT+ydx700rMzuFou5LnmPFy+klow0f5ufCXpxU Pj1fIHTup0c9RW6g+gzkXOYG/7AE8GzcN6Xg5uwCw X-Received: by 2002:a05:6a00:349a:b0:81e:c91c:70c5 with SMTP id d2e1a72fcca58-81f83cc6427mr4776803b3a.29.1768465771059; Thu, 15 Jan 2026 00:29:31 -0800 (PST) X-Received: by 2002:a05:6a00:349a:b0:81e:c91c:70c5 with SMTP id d2e1a72fcca58-81f83cc6427mr4776785b3a.29.1768465770602; Thu, 15 Jan 2026 00:29:30 -0800 (PST) Received: from QCOM-SocCW5bzXR.qualcomm.com ([202.46.23.19]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-81f8e69d1e7sm1773296b3a.58.2026.01.15.00.29.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Jan 2026 00:29:30 -0800 (PST) From: Jianping Li To: srini@kernel.org, amahesh@qti.qualcomm.com, arnd@arndb.de, gregkh@linuxfoundation.org, linux-arm-msm@vger.kernel.org Cc: Ekansh Gupta , thierry.escande@linaro.org, abelvesa@kernel.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, quic_chennak@quicinc.com, stable@kernel.org, Jianping Li Subject: [PATCH v2 1/4] misc: fastrpc: Add NULL check to fastrpc_buf_free to prevent crash Date: Thu, 15 Jan 2026 16:28:48 +0800 Message-Id: <20260115082851.570-2-jianping.li@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260115082851.570-1-jianping.li@oss.qualcomm.com> References: <20260115082851.570-1-jianping.li@oss.qualcomm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTE1MDA1NyBTYWx0ZWRfXz43hPPovj2BK gbsMhW6/TJvmpcVguJ/BGTuoQWMt4ISyLPe6Uu4IGQicgLcODEqkMGyF9r5wRUDGIsp0/+tGJUd s4HEOLn2VN3Ppk4Waty55RbG1ulMtXO0gkDfaKCycOWiDOAQnHKWX1tqVjOMbczTGABEC4UzWyE 3Jm95wPTxlzutizFIzOu6kb5F052t8RqYIefV3tRxwvoMwV9/Ao6SH63CFbkRO21k7e0e4S5epq DNPh3iDnq/vKvD/vRd1QaVYOvQczcT/3juItHWv1HlV0MZaRBiEriYRg+6GOAesZ/87qMwERTtl 3nh+4aELYN3v+xpIasHqvkfRGHJoRnUsGOmmmh5tgv4EZ01WRTyYQ+h4QpBIXeYAzeTGNeyYrnh 4u8CLBg6Ovyq5EV0+q8jAR7d8On43UmkQi/1xM1Ddi1f7zocky9o1G5NwWaaSfQM8qUXYWYRkYe 0zItr0fGFyJH8m8skiQ== X-Proofpoint-ORIG-GUID: lB5LzA-Uqzm-6yToTbEPWfgGfcDttPrA X-Authority-Analysis: v=2.4 cv=Rc+dyltv c=1 sm=1 tr=0 ts=6968a56b cx=c_pps a=rEQLjTOiSrHUhVqRoksmgQ==:117 a=j4ogTh8yFefVWWEFDRgCtg==:17 a=vUbySO9Y5rIA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=EUspDBNiAAAA:8 a=VwQbUJbxAAAA:8 a=ZnmZ8TzD_GdZzTgawW0A:9 a=2VI0MkxyNR6bbpdq8BZq:22 X-Proofpoint-GUID: lB5LzA-Uqzm-6yToTbEPWfgGfcDttPrA X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2026-01-15_02,2026-01-14_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 spamscore=0 suspectscore=0 priorityscore=1501 clxscore=1011 bulkscore=0 malwarescore=0 phishscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2512120000 definitions=main-2601150057 Content-Type: text/plain; charset="utf-8" From: Ekansh Gupta The fastrpc_buf_free function currently does not handle the case where the input buffer pointer (buf) is NULL. This can lead to a null pointer dereference, causing a crash or undefined behavior when the function attempts to access members of the buf structure. Add a NULL check to ensure safe handling of NULL pointers and prevent potential crashes. Fixes: c68cfb718c8f9 ("misc: fastrpc: Add support for context Invoke method= ") Cc: stable@kernel.org Co-developed-by: Ekansh Gupta Signed-off-by: Ekansh Gupta Signed-off-by: Jianping Li --- drivers/misc/fastrpc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index 4f5a79c50f58..515a43c9d95d 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -414,6 +414,9 @@ static int fastrpc_map_lookup(struct fastrpc_user *fl, = int fd, =20 static void fastrpc_buf_free(struct fastrpc_buf *buf) { + if (!buf) + return; + dma_free_coherent(buf->dev, buf->size, buf->virt, fastrpc_ipa_to_dma_addr(buf->fl->cctx, buf->dma_addr)); kfree(buf); @@ -510,8 +513,7 @@ static void fastrpc_context_free(struct kref *ref) for (i =3D 0; i < ctx->nbufs; i++) fastrpc_map_put(ctx->maps[i]); =20 - if (ctx->buf) - fastrpc_buf_free(ctx->buf); + fastrpc_buf_free(ctx->buf); =20 spin_lock_irqsave(&cctx->lock, flags); idr_remove(&cctx->ctx_idr, ctx->ctxid >> 4); @@ -1591,8 +1593,7 @@ static int fastrpc_device_release(struct inode *inode= , struct file *file) list_del(&fl->user); spin_unlock_irqrestore(&cctx->lock, flags); =20 - if (fl->init_mem) - fastrpc_buf_free(fl->init_mem); + fastrpc_buf_free(fl->init_mem); =20 list_for_each_entry_safe(ctx, n, &fl->pending, node) { list_del(&ctx->node); @@ -2492,8 +2493,7 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device = *rpdev) list_for_each_entry_safe(buf, b, &cctx->invoke_interrupted_mmaps, node) list_del(&buf->node); =20 - if (cctx->remote_heap) - fastrpc_buf_free(cctx->remote_heap); + fastrpc_buf_free(cctx->remote_heap); =20 of_platform_depopulate(&rpdev->dev); =20 --=20 2.43.0