Commit 0a5e6950 authored by Sudeep Holla's avatar Sudeep Holla
Browse files

firmware: arm_ffa: Check for NULL FF-A ID table while driver registration 

The bus match callback assumes that every FF-A driver provides an
id_table and dereferences it unconditionally. Enforce that contract at
registration time so a buggy client driver cannot crash the bus during
match.

Fixes: 92743071 ("firmware: arm_ffa: Ensure drivers provide a probe function")
Link: https://patch.msgid.link/20260428-ffa_fixes-v2-1-8595ae450034@kernel.org


Signed-off-by: default avatarSudeep Holla <sudeep.holla@kernel.org>
parent 254f4963

drivers/firmware/arm_ffa/bus.c

+3 −1
Original line number Diff line number Diff line
@@ -26,6 +26,8 @@ static int ffa_device_match(struct device *dev, const struct device_driver *drv) 


	id_table = to_ffa_driver(drv)->id_table;

	ffa_dev = to_ffa_dev(dev);

	if (!id_table)

		return 0;



	while (!uuid_is_null(&id_table->uuid)) {

		/*
@@ -123,7 +125,7 @@ int ffa_driver_register(struct ffa_driver *driver, struct module *owner, 
{

	int ret;



	if (!driver->probe)

	if (!driver->probe || !driver->id_table)

		return -EINVAL;



	driver->driver.bus = &ffa_bus_type;