Google Git
Sign in
android / kernel / google-modules / bms / 38316468aa587733241acac7f56eb430052c28b9^! / .
commit38316468aa587733241acac7f56eb430052c28b9[log] [tgz]
authorSpade Lee <[email protected]>Wed Jun 19 08:00:07 2024 +0000
committerAndroid Build Coastguard Worker <[email protected]>Wed Dec 18 09:39:22 2024 -0800
treead6a59a0a1ab0ef437c38fc6a470b2d381a5f467
parenteaa93f9e32a4b7600612b15899cca1a097744ea8 [diff]
max_m5: add pointer validity check

- add validity check before dereference pointer
- fix wrongly register ->regmap_nvram.regmap if ->gauge_type = -1

Bug: 348083431
Test: build PASS, no kernel panic
Signed-off-by: Spade Lee <[email protected]>
(cherry picked from commit 99936e8ce0e0d2496f4832f953bdc2697982dfc6)
(cherry picked from https://partner-android-review.googlesource.com/q/commit:e3cf2e9791c902d04a958a0a76f27a3a4239fb1e)
Merged-In: Iee0dafec1a7e6286419056742075a6375e75cca0
Change-Id: Iee0dafec1a7e6286419056742075a6375e75cca0

diff --git a/max1720x_battery.c b/max1720x_battery.c
index b07a643..24843cc 100644
--- a/max1720x_battery.c
+++ b/max1720x_battery.c

@@ -5559,7 +5559,7 @@
 	}
 
 	/* todo read secondary address from DT */
-	if (!secondary_address) {
+	if (!secondary_address || chip->gauge_type == -1) {
 		dev_warn(chip->dev, "Device 0x%x has no permanent storage\n",
 			chip->devname);
 		return 0;

diff --git a/max_m5.c b/max_m5.c
index bdcba34..e2bc818 100644
--- a/max_m5.c
+++ b/max_m5.c

@@ -356,6 +356,9 @@
 	u16 version;
 	int ret;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	ret = REGMAP_READ(m5_data->regmap, MODEL_VERSION_REG, &version);
 	if (ret < 0)
 		return ret;
@@ -368,6 +371,9 @@
 	u16 temp;
 	int ret;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	if (version == MAX_M5_INVALID_VERSION)
 		return 0;
 
@@ -399,6 +405,9 @@
 	struct model_state_save data;
 	int ret = 0;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	memset(&data, 0xff, sizeof(data));
 
 	ret = gbms_storage_write(GBMS_TAG_GMSR, &data, sizeof(data));
@@ -412,6 +421,9 @@
 {
 	int read_rc, para_rc;
 
+	if (!m5_data)
+		return 0;
+
 	if (m5_data->force_reset_model_data)
 		return 1;
 
@@ -617,6 +629,9 @@
 int max_m5_fixup_outliers(struct max1720x_drift_data *ddata,
 			  struct max_m5_data *m5_data)
 {
+	if (!ddata || !m5_data)
+		return -EINVAL;
+
 	if (ddata->design_capacity != m5_data->parameters.designcap)
 		ddata->design_capacity = m5_data->parameters.designcap;
 	if (ddata->ini_rcomp0 != m5_data->parameters.rcomp0)
@@ -758,6 +773,9 @@
 	u16 learncfg;
 	int ret = 0;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	/* Do not save when in RC1 stage b/213425610 */
 	ret = REGMAP_READ(m5_data->regmap, MAX_M5_LEARNCFG, &learncfg);
 	if (ret < 0)
@@ -821,6 +839,9 @@
 	struct max_m5_custom_parameters *fg_param = &m5_data->parameters;
 	bool bad_residual;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	if (fg_param->rcomp0 == 0xFF)
 		return -ERANGE;
 
@@ -846,6 +867,9 @@
 	int rc;
 	struct maxfg_regmap *regmap = m5_data->regmap;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	rc= REGMAP_READ(regmap, MAX_M5_RCOMP0, &m5_data->parameters.rcomp0);
 	if (rc == 0)
 		rc = REGMAP_READ(regmap, MAX_M5_TEMPCO,
@@ -885,6 +909,9 @@
 
 u16 max_m5_get_designcap(const struct max_m5_data *m5_data)
 {
+	if (!m5_data)
+		return -EINVAL;
+
 	return m5_data->parameters.designcap;
 }
 
@@ -951,6 +978,9 @@
 {
 	int ret, index, reg, val;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	for (index = 0; index < max ; index += 1) {
 		ret = sscanf(&buf[index], "%x:%x", &reg, &val);
 		if (ret != 2) {
@@ -1097,6 +1127,9 @@
 	struct maxfg_regmap *regmap = m5_data->regmap;
 	int cap_lsb;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	return max_m5_read_taskperiod(&cap_lsb, regmap) < 0 ? -1 : cap_lsb;
 }
 
@@ -1105,7 +1138,7 @@
 {
 	int i, len;
 
-	if (!m5_data->custom_model || !m5_data->custom_model_size)
+	if (!m5_data || !m5_data->custom_model || !m5_data->custom_model_size)
 		return -EINVAL;
 
 	for (len = 0, i = 0; i < m5_data->custom_model_size; i += 1)
@@ -1118,7 +1151,8 @@
 
 int max_m5_get_rc_switch_param(struct max_m5_data *m5_data, u16 *rc2_tempco, u16 *rc2_learncfg)
 {
-	if (m5_data->parameters.tempco <= 0 || m5_data->parameters.learncfg <= 0)
+
+	if (!m5_data || m5_data->parameters.tempco <= 0 || m5_data->parameters.learncfg <= 0)
 		return -EINVAL;
 
 	*rc2_tempco = m5_data->parameters.tempco;
@@ -1132,7 +1166,7 @@
 {
 	int ret, index, reg, val, fg_model_end;
 
-	if (!m5_data->custom_model)
+	if (!m5_data || !m5_data->custom_model)
 		return -EINVAL;
 
 	/* use the default size */
@@ -1442,6 +1476,9 @@
 
 int max_m5_recal_cycle(const struct max_m5_data *m5_data)
 {
+	if (!m5_data)
+		return 0;
+
 	return m5_data->recal.base_cycle_reg;
 }
 
@@ -1456,6 +1493,9 @@
 	const int cnt_w_cgain = sizeof(*cp) / 2;
 	int ret, cnt;
 
+	if (!m5_data)
+		return -EINVAL;
+
 	memset(cp, 0, sizeof(*cp));
 
 	cnt = of_property_count_elems_of_size(node, propname, sizeof(u16));
@@ -1481,7 +1521,8 @@
 
 void max_m5_free_data(struct max_m5_data *m5_data)
 {
-	devm_kfree(m5_data->dev, m5_data);
+	if (m5_data)
+		devm_kfree(m5_data->dev, m5_data);
 }
 
 void *max_m5_init_data(struct device *dev, struct device_node *node,