2022-06-28 06:31:13

by Yu Liao

Subject: [PATCH] drm/vc4: fix dereference before NULL check

The "perfmon" pointer is equal to the return value of idr_find,
which may be NULL, and it is accessed by vc4_perfmon_get before
being checked for NULL. Fix this by dereferencing "perfmon" after
"perfmon" has been NULL checked.

Addresses-Coverity: ("Dereference before null check")
Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
Signed-off-by: Yu Liao <[email protected]>
---
drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
index c7f5adb6bcf8..ca969b8c7dde 100644
--- a/drivers/gpu/drm/vc4/vc4_perfmon.c
+++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
@@ -17,13 +17,17 @@

void vc4_perfmon_get(struct vc4_perfmon *perfmon)
{
- struct vc4_dev *vc4 = perfmon->dev;
+ struct vc4_dev *vc4;
+
+ if (!perfmon)
+ return;
+
+ vc4 = perfmon->dev;

if (WARN_ON_ONCE(vc4->is_vc5))
return;

- if (perfmon)
- refcount_inc(&perfmon->refcnt);
+ refcount_inc(&perfmon->refcnt);
}

void vc4_perfmon_put(struct vc4_perfmon *perfmon)
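Review bot: The new `if (!perfmon) return;` at the top of vc4_perfmon_get() makes NULL a silently accepted argument, but nothing in the function documents that. The commit message says the pointer comes from idr_find, which may return NULL, so a short comment above the check stating that callers may pass the result of a failed lookup would keep a later cleanup from removing it. Alternatively, if NULL is not meant to be a valid argument, the check belongs in the caller that does the lookup, with an error returned there instead of a silent return here.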
--
2.25.1


2022-06-28 07:31:55

by Boris Brezillon

Subject: Re: [PATCH] drm/vc4: fix dereference before NULL check

On Tue, 28 Jun 2022 14:36:57 +0800
Yu Liao <[email protected]> wrote:

> The "perfmon" pointer is equal to the return value of idr_find,
> which may be NULL, and it is accessed by vc4_perfmon_get before
> being checked for NULL. Fix this by dereferencing "perfmon" after
> "perfmon" has been NULL checked.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
> Signed-off-by: Yu Liao <[email protected]>

Reviewed-by: Boris Brezillon <[email protected]>

> ---
> drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
> index c7f5adb6bcf8..ca969b8c7dde 100644
> --- a/drivers/gpu/drm/vc4/vc4_perfmon.c
> +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
> @@ -17,13 +17,17 @@
>
> void vc4_perfmon_get(struct vc4_perfmon *perfmon)
> {
> - struct vc4_dev *vc4 = perfmon->dev;
> + struct vc4_dev *vc4;
> +
> + if (!perfmon)
> + return;
> +
> + vc4 = perfmon->dev;
>
> if (WARN_ON_ONCE(vc4->is_vc5))
> return;
>
> - if (perfmon)
> - refcount_inc(&perfmon->refcnt);
> + refcount_inc(&perfmon->refcnt);
> }
>
> void vc4_perfmon_put(struct vc4_perfmon *perfmon)
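Review bot: The trailing context stops at the signature of vc4_perfmon_put(), whose body is not part of this patch. If it initialises a local from `perfmon->dev` in its declarations the way the removed line `struct vc4_dev *vc4 = perfmon->dev;` did here, it needs the same reordering. Checking that and folding it into this patch would keep the get/put pair consistent in how they treat a NULL perfmon.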

2022-06-28 08:29:07

by Maxime Ripard

Subject: Re: [PATCH] drm/vc4: fix dereference before NULL check

Hi,

On Tue, Jun 28, 2022 at 02:36:57PM +0800, Yu Liao wrote:
> The "perfmon" pointer is equal to the return value of idr_find,
> which may be NULL, and it is accessed by vc4_perfmon_get before
> being checked for NULL. Fix this by dereferencing "perfmon" after
> "perfmon" has been NULL checked.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
> Signed-off-by: Yu Liao <[email protected]>

A similar patch has already been merged:
https://lore.kernel.org/dri-devel/[email protected]/

Thanks!
Maxime

