diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_dp.c b/drivers/platform/msm/ipa/ipa_v2/ipa_dp.c index 93abbfe0e6ac..b7b609c85759 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_dp.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_dp.c @@ -574,7 +574,7 @@ failure: for (j = 0; j < i; j++) { next_pkt = list_next_entry(tx_pkt, link); list_del(&tx_pkt->link); - if (desc[i].type != IPA_DATA_DESC_SKB_PAGED) { + if (desc[j].type != IPA_DATA_DESC_SKB_PAGED) { dma_unmap_single(ipa_ctx->pdev, tx_pkt->mem.phys_base, tx_pkt->mem.size, DMA_TO_DEVICE); @@ -586,7 +586,7 @@ failure: kmem_cache_free(ipa_ctx->tx_pkt_wrapper_cache, tx_pkt); tx_pkt = next_pkt; } - if (i < num_desc) + if (j < num_desc) /* last desc failed */ if (fail_dma_wrap) kmem_cache_free(ipa_ctx->tx_pkt_wrapper_cache, tx_pkt); diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_rm.c b/drivers/platform/msm/ipa/ipa_v2/ipa_rm.c index 0425a6356f02..ff93394a9363 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_rm.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_rm.c @@ -994,11 +994,15 @@ void ipa_rm_perf_profile_change(enum ipa_rm_resource_name resource_name) old_volt = ipa_rm_ctx->prof_vote.curr_volt; old_bw = ipa_rm_ctx->prof_vote.curr_bw; - if (IPA_RM_RESORCE_IS_PROD(resource_name)) + if (IPA_RM_RESORCE_IS_PROD(resource_name)) { bw_ptr = &ipa_rm_ctx->prof_vote.bw_prods[resource_name]; - else + } else if (IPA_RM_RESORCE_IS_CONS(resource_name)) { bw_ptr = &ipa_rm_ctx->prof_vote.bw_cons[ resource_name - IPA_RM_RESOURCE_PROD_MAX]; + } else { + IPAERR("Invalid resource_name\n"); + return; + } switch (resource->state) { case IPA_RM_GRANTED: diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_uc_wdi.c b/drivers/platform/msm/ipa/ipa_v2/ipa_uc_wdi.c index f7148adb78a0..496e77bceb59 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_uc_wdi.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_uc_wdi.c @@ -516,6 +516,10 @@ static int ipa_create_uc_smmu_mapping_sgt(struct sg_table *sgt, IPAERR("No SMMU CB setup\n"); return -EINVAL; } + if (!sgt) { + IPAERR("Bad parameters, scatter / gather list is NULL\n"); + return -EINVAL; + } for_each_sg(sgt->sgl, sg, sgt->nents, i) { phys = page_to_phys(sg_page(sg)); @@ -603,6 +607,11 @@ static void ipa_save_uc_smmu_mapping_sgt(int res_idx, struct sg_table *sgt, struct scatterlist *sg; unsigned long curr_iova = iova; + if (!sgt) { + IPAERR("Bad parameters, scatter / gather list is NULL\n"); + return; + } + wdi_res[res_idx].res = kcalloc(sgt->nents, sizeof(struct ipa_wdi_res), GFP_KERNEL); if (!wdi_res[res_idx].res) diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_dp.c b/drivers/platform/msm/ipa/ipa_v3/ipa_dp.c index 66d22817b0dc..9d09caa6a43f 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_dp.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_dp.c @@ -92,6 +92,11 @@ static void ipa3_wq_write_done_common(struct ipa3_sys_context *sys, struct ipa3_tx_pkt_wrapper *next_pkt; int i, cnt; + if (unlikely(tx_pkt == NULL)) { + IPAERR("tx_pkt is NULL\n"); + return; + } + cnt = tx_pkt->cnt; IPADBG_LOW("cnt: %d\n", cnt); for (i = 0; i < cnt; i++) { @@ -640,7 +645,7 @@ failure: kmem_cache_free(ipa3_ctx->tx_pkt_wrapper_cache, tx_pkt); tx_pkt = next_pkt; } - if (i < num_desc) + if (j < num_desc) /* last desc failed */ if (fail_dma_wrap) kmem_cache_free(ipa3_ctx->tx_pkt_wrapper_cache, tx_pkt); diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_flt.c b/drivers/platform/msm/ipa/ipa_v3/ipa_flt.c index a7c036887880..4044c28c96e0 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_flt.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_flt.c @@ -728,6 +728,11 @@ static bool ipa_flt_valid_lcl_tbl_size(enum ipa_ip_type ipt, { u16 avail; + if (!bdy) { + IPAERR("Bad parameters, bdy = NULL\n"); + return false; + } + if (ipt == IPA_IP_v4) avail = (rlt == IPA_RULE_HASHABLE) ? IPA_MEM_PART(apps_v4_flt_hash_size) : @@ -737,11 +742,11 @@ static bool ipa_flt_valid_lcl_tbl_size(enum ipa_ip_type ipt, IPA_MEM_PART(apps_v6_flt_hash_size) : IPA_MEM_PART(apps_v6_flt_nhash_size); - if (bdy && bdy->size <= avail) + if (bdy->size <= avail) return true; IPAERR("tbl too big, needed %d avail %d ipt %d rlt %d\n", - bdy->size, avail, ipt, rlt); + bdy->size, avail, ipt, rlt); return false; } diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_mhi.c b/drivers/platform/msm/ipa/ipa_v3/ipa_mhi.c index 5a3f2fcbf652..fa18ff2e2be3 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_mhi.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_mhi.c @@ -1151,12 +1151,12 @@ static void ipa3_mhi_set_holb_on_dl_channels(bool enable, static int ipa3_mhi_suspend_gsi_channel(struct ipa3_mhi_channel_ctx *channel) { int res; - u32 clnt_hdl; + int clnt_hdl; IPA_MHI_FUNC_ENTRY(); clnt_hdl = ipa3_get_ep_mapping(channel->ep->client); - if (clnt_hdl == -1) + if (clnt_hdl < 0) return -EFAULT; res = ipa3_stop_gsi_channel(clnt_hdl); @@ -1180,12 +1180,12 @@ static int ipa3_mhi_suspend_gsi_channel(struct ipa3_mhi_channel_ctx *channel) static int ipa3_mhi_reset_gsi_channel(struct ipa3_mhi_channel_ctx *channel) { int res; - u32 clnt_hdl; + int clnt_hdl; IPA_MHI_FUNC_ENTRY(); clnt_hdl = ipa3_get_ep_mapping(channel->ep->client); - if (clnt_hdl == -1) + if (clnt_hdl < 0) return -EFAULT; res = ipa3_reset_gsi_channel(clnt_hdl); @@ -1528,6 +1528,7 @@ static int ipa_mhi_start_gsi_channel(struct ipa3_mhi_channel_ctx *channel, union __packed gsi_evt_scratch ev_scratch; struct gsi_chan_props ch_props; union __packed gsi_channel_scratch ch_scratch; + struct ipa_gsi_ep_config *ep_cfg; IPA_MHI_FUNC_ENTRY(); @@ -1539,7 +1540,11 @@ static int ipa_mhi_start_gsi_channel(struct ipa3_mhi_channel_ctx *channel, msi = ipa3_mhi_ctx->msi; ep = channel->ep; - + ep_cfg = ipa_get_gsi_ep_info(ipa_ep_idx); + if (!ep_cfg) { + IPA_MHI_ERR("Wrong parameter, ep_cfg is NULL\n"); + return -EPERM; + } IPA_MHI_DBG("reading ch/ev context from host\n"); res = ipa_mhi_read_ch_ctx(channel); if (res) { @@ -1599,8 +1604,7 @@ static int ipa_mhi_start_gsi_channel(struct ipa3_mhi_channel_ctx *channel, ch_props.prot = GSI_CHAN_PROT_MHI; ch_props.dir = IPA_CLIENT_IS_PROD(ep->client) ? GSI_CHAN_DIR_TO_GSI : GSI_CHAN_DIR_FROM_GSI; - ch_props.ch_id = - ipa_get_gsi_ep_info(ipa_ep_idx)->ipa_gsi_chan_num; + ch_props.ch_id = ep_cfg->ipa_gsi_chan_num; ch_props.evt_ring_hdl = channel->cached_gsi_evt_ring_hdl; ch_props.re_size = GSI_CHAN_RE_SIZE_16B; ch_props.ring_len = channel->ch_ctx_host.rlen; @@ -1626,9 +1630,8 @@ static int ipa_mhi_start_gsi_channel(struct ipa3_mhi_channel_ctx *channel, ch_scratch.mhi.ul_dl_sync_en = ipa3_cached_dl_ul_sync_info. params.isDlUlSyncEnabled; ch_scratch.mhi.assert_bit40 = ipa3_mhi_ctx->assert_bit40; - ch_scratch.mhi.max_outstanding_tre = - ipa_get_gsi_ep_info(ipa_ep_idx)->ipa_if_aos * - GSI_CHAN_RE_SIZE_16B; + ch_scratch.mhi.max_outstanding_tre = ep_cfg->ipa_if_aos * + GSI_CHAN_RE_SIZE_16B; ch_scratch.mhi.outstanding_threshold = 4 * GSI_CHAN_RE_SIZE_16B; res = gsi_write_channel_scratch(channel->ep->gsi_chan_hdl, diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_rm.c b/drivers/platform/msm/ipa/ipa_v3/ipa_rm.c index 3ee117a8502d..662d2699a39a 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_rm.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_rm.c @@ -956,11 +956,15 @@ void ipa3_rm_perf_profile_change(enum ipa_rm_resource_name resource_name) old_volt = ipa3_rm_ctx->prof_vote.curr_volt; old_bw = ipa3_rm_ctx->prof_vote.curr_bw; - if (IPA_RM_RESORCE_IS_PROD(resource_name)) + if (IPA_RM_RESORCE_IS_PROD(resource_name)) { bw_ptr = &ipa3_rm_ctx->prof_vote.bw_prods[resource_name]; - else + } else if (IPA_RM_RESORCE_IS_CONS(resource_name)) { bw_ptr = &ipa3_rm_ctx->prof_vote.bw_cons[ resource_name - IPA_RM_RESOURCE_PROD_MAX]; + } else { + IPAERR("Invalid resource_name\n"); + return; + } switch (resource->state) { case IPA_RM_GRANTED: diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_uc_mhi.c b/drivers/platform/msm/ipa/ipa_v3/ipa_uc_mhi.c index d5ea3ae6dcd9..ef884837afb0 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_uc_mhi.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_uc_mhi.c @@ -602,13 +602,15 @@ int ipa3_uc_mhi_init(void (*ready_cb)(void), void (*wakeup_request_cb)(void)) void ipa3_uc_mhi_cleanup(void) { + struct ipa3_uc_hdlrs null_hdlrs = { 0 }; + IPADBG("Enter\n"); if (!ipa3_uc_mhi_ctx) { IPAERR("ipa3_uc_mhi_ctx is not initialized\n"); return; } - ipa3_uc_register_handlers(IPA_HW_FEATURE_MHI, NULL); + ipa3_uc_register_handlers(IPA_HW_FEATURE_MHI, &null_hdlrs); kfree(ipa3_uc_mhi_ctx); ipa3_uc_mhi_ctx = NULL; diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_uc_wdi.c b/drivers/platform/msm/ipa/ipa_v3/ipa_uc_wdi.c index dc069e15dd44..18784a64cf58 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_uc_wdi.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_uc_wdi.c @@ -510,6 +510,10 @@ static int ipa_create_uc_smmu_mapping_sgt(struct sg_table *sgt, IPAERR("No SMMU CB setup\n"); return -EINVAL; } + if (!sgt) { + IPAERR("Bad parameters, scatter / gather list is NULL\n"); + return -EINVAL; + } for_each_sg(sgt->sgl, sg, sgt->nents, i) { phys = page_to_phys(sg_page(sg)); @@ -597,6 +601,11 @@ static void ipa_save_uc_smmu_mapping_sgt(int res_idx, struct sg_table *sgt, struct scatterlist *sg; unsigned long curr_iova = iova; + if (!sgt) { + IPAERR("Bad parameters, scatter / gather list is NULL\n"); + return; + } + wdi_res[res_idx].res = kcalloc(sgt->nents, sizeof(struct ipa_wdi_res), GFP_KERNEL); if (!wdi_res[res_idx].res) diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_utils.c b/drivers/platform/msm/ipa/ipa_v3/ipa_utils.c index 9400ddb2e30a..6b7fe50e554d 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_utils.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_utils.c @@ -1049,6 +1049,10 @@ bool ipa_is_ep_support_flt(int pipe_idx) */ u8 *ipa3_write_64(u64 w, u8 *dest) { + if (unlikely(dest == NULL)) { + IPAERR("NULL address!\n"); + return dest; + } *dest++ = (u8)((w) & 0xFF); *dest++ = (u8)((w >> 8) & 0xFF); *dest++ = (u8)((w >> 16) & 0xFF); @@ -1070,6 +1074,10 @@ u8 *ipa3_write_64(u64 w, u8 *dest) */ u8 *ipa3_write_32(u32 w, u8 *dest) { + if (unlikely(dest == NULL)) { + IPAERR("NULL address!\n"); + return dest; + } *dest++ = (u8)((w) & 0xFF); *dest++ = (u8)((w >> 8) & 0xFF); *dest++ = (u8)((w >> 16) & 0xFF); @@ -1087,6 +1095,10 @@ u8 *ipa3_write_32(u32 w, u8 *dest) */ u8 *ipa3_write_16(u16 hw, u8 *dest) { + if (unlikely(dest == NULL)) { + IPAERR("NULL address!\n"); + return dest; + } *dest++ = (u8)((hw) & 0xFF); *dest++ = (u8)((hw >> 8) & 0xFF); @@ -1102,6 +1114,10 @@ u8 *ipa3_write_16(u16 hw, u8 *dest) */ u8 *ipa3_write_8(u8 b, u8 *dest) { + if (unlikely(dest == NULL)) { + IPAERR("NULL address!\n"); + return dest; + } *dest++ = (b) & 0xFF; return dest; diff --git a/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c b/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c index c9f2c150e668..4c6961bcfcbc 100644 --- a/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c +++ b/drivers/platform/msm/ipa/ipa_v3/rmnet_ipa.c @@ -2145,7 +2145,8 @@ static int ipa3_wwan_remove(struct platform_device *pdev) IPA_RM_RESOURCE_WWAN_0_PROD, ret); cancel_work_sync(&ipa3_tx_wakequeue_work); cancel_delayed_work(&ipa_tether_stats_poll_wakequeue_work); - free_netdev(IPA_NETDEV()); + if (IPA_NETDEV()) + free_netdev(IPA_NETDEV()); rmnet_ipa3_ctx->wwan_priv = NULL; /* No need to remove wwan_ioctl during SSR */ if (!atomic_read(&rmnet_ipa3_ctx->is_ssr)) @@ -2179,9 +2180,20 @@ static int ipa3_wwan_remove(struct platform_device *pdev) static int rmnet_ipa_ap_suspend(struct device *dev) { struct net_device *netdev = IPA_NETDEV(); - struct ipa3_wwan_private *wwan_ptr = netdev_priv(netdev); + struct ipa3_wwan_private *wwan_ptr; IPAWANDBG("Enter...\n"); + if (netdev == NULL) { + IPAWANERR("netdev is NULL.\n"); + return 0; + } + + wwan_ptr = netdev_priv(netdev); + if (wwan_ptr == NULL) { + IPAWANERR("wwan_ptr is NULL.\n"); + return 0; + } + /* Do not allow A7 to suspend in case there are oustanding packets */ if (atomic_read(&wwan_ptr->outstanding_pkts) != 0) { IPAWANDBG("Outstanding packets, postponing AP suspend.\n"); @@ -2212,7 +2224,8 @@ static int rmnet_ipa_ap_resume(struct device *dev) struct net_device *netdev = IPA_NETDEV(); IPAWANDBG("Enter...\n"); - netif_wake_queue(netdev); + if (netdev) + netif_wake_queue(netdev); IPAWANDBG("Exit\n"); return 0; @@ -2255,7 +2268,8 @@ static int ipa3_ssr_notifier_cb(struct notifier_block *this, pr_info("IPA received MPSS BEFORE_SHUTDOWN\n"); atomic_set(&rmnet_ipa3_ctx->is_ssr, 1); ipa3_q6_cleanup(); - netif_stop_queue(IPA_NETDEV()); + if (IPA_NETDEV()) + netif_stop_queue(IPA_NETDEV()); ipa3_qmi_stop_workqueues(); ipa3_wan_ioctl_stop_qmi_messages(); ipa_stop_polling_stats();