diff options
author | Cristian Marussi <cristian.marussi@arm.com> | 2024-10-21 19:15:44 +0200 |
---|---|---|
committer | Sudeep Holla <sudeep.holla@arm.com> | 2024-10-22 10:55:28 +0200 |
commit | a0a18e91eb3a6ef75a6de69dc00f206b913e3848 (patch) | |
tree | 888d1a11399a3915b98cac17ce3b28a4f18d141d | |
parent | firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (diff) | |
download | linux-a0a18e91eb3a6ef75a6de69dc00f206b913e3848.tar.xz linux-a0a18e91eb3a6ef75a6de69dc00f206b913e3848.zip |
firmware: arm_scmi: Reject clear channel request on A2P
The clear channel transport operation is supposed to be called exclusively
on the P2A channel from the agent, since it relinquishes the ownership of
the channel to the platform, after this latter has initiated some sort of
P2A communication.
Make sure that, if it is ever called on a A2P, is logged and ignored.
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Message-Id: <20241021171544.2579551-1-cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
-rw-r--r-- | drivers/firmware/arm_scmi/common.h | 2 | ||||
-rw-r--r-- | drivers/firmware/arm_scmi/driver.c | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/drivers/firmware/arm_scmi/common.h b/drivers/firmware/arm_scmi/common.h index 6d9227db473f..c52ed6c64006 100644 --- a/drivers/firmware/arm_scmi/common.h +++ b/drivers/firmware/arm_scmi/common.h @@ -163,6 +163,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id); * used to initialize this channel * @dev: Reference to device in the SCMI hierarchy corresponding to this * channel + * @is_p2a: A flag to identify a channel as P2A (RX) * @rx_timeout_ms: The configured RX timeout in milliseconds. * @handle: Pointer to SCMI entity handle * @no_completion_irq: Flag to indicate that this channel has no completion @@ -174,6 +175,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id); struct scmi_chan_info { int id; struct device *dev; + bool is_p2a; unsigned int rx_timeout_ms; struct scmi_handle *handle; bool no_completion_irq; diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index a477b5ade38d..5bd4cc68a3e3 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1048,6 +1048,11 @@ static inline void scmi_xfer_command_release(struct scmi_info *info, static inline void scmi_clear_channel(struct scmi_info *info, struct scmi_chan_info *cinfo) { + if (!cinfo->is_p2a) { + dev_warn(cinfo->dev, "Invalid clear on A2P channel !\n"); + return; + } + if (info->desc->ops->clear_channel) info->desc->ops->clear_channel(cinfo); } @@ -2638,6 +2643,7 @@ static int scmi_chan_setup(struct scmi_info *info, struct device_node *of_node, if (!cinfo) return -ENOMEM; + cinfo->is_p2a = !tx; cinfo->rx_timeout_ms = info->desc->max_rx_timeout_ms; /* Create a unique name for this transport device */ |