[PATCH] firmware: arm_ffa: Fix NULL dereference in ffa_partition_info_get()

[Unnathi Chalicheemala]

On 6/12/2026 3:55 AM, Sudeep Holla wrote:
> 
>> Per the FF-A spec, the all-zeros UUID is the defined wildcard that
>> instructs the SPMC to return information for all partitions. Map NULL
>> and empty string to uuid_null rather than crashing in uuid_parse(),
>> preserving the intended "return all partitions" semantics for callers
>> that pass NULL.
>>
> 
> Agreed on the spec part but not w.r.t the interface. Where is the driver
> using this call and why is it sending null or wants to extract all the
> partition information ?
> 

A developer wanting all partitions might reasonably pass the all-zeros string
"00000000-0000-0000-0000-000000000000"? 

>> Fixes: d0c0bce83122 ("firmware: arm_ffa: Setup in-kernel users of FFA partitions")
>> Signed-off-by: Unnathi Chalicheemala <unnathi.chalicheemala at oss.qualcomm.com>
>> ---
>>  drivers/firmware/arm_ffa/driver.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c
>> index b9f17fda7243..dd500fb81b79 100644
>> --- a/drivers/firmware/arm_ffa/driver.c
>> +++ b/drivers/firmware/arm_ffa/driver.c
>> @@ -1129,7 +1129,9 @@ static int ffa_partition_info_get(const char *uuid_str,
>>  	uuid_t uuid;
>>  	struct ffa_partition_info *pbuf;
>>  
>> -	if (uuid_parse(uuid_str, &uuid)) {
>> +	if (!uuid_str || uuid_str[0] == '\0') {
>> +		uuid = uuid_null;
> 
> I object to make it uuid_null. Below check is enough to check NULL
> dereference.
> 
> -       if (uuid_parse(uuid_str, &uuid)) {
> +       if (!uuid_str || uuid_parse(uuid_str, &uuid)) {
> 
> 
> I don't think we need to service NULL as valid argument via this interface
> as the callee driver needs to pass its partition UUID here.
> 
I agree with you, NULL doesn't seem like a valid use case.

Will send another version with your suggestion, thank you for the review.

Regards,
Unnathi