2023-05-15 12:54:54

by Raphael Gallais-Pou

[permalink] [raw]
Subject: [PATCH RESEND] drm/stm: ltdc: fix late dereference check

In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a
container_of() before the pointer check. This could cause a kernel panic.

Fix this smatch warning:
drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)

Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Link: https://lore.kernel.org/lkml/[email protected]/
Signed-off-by: Raphael Gallais-Pou <[email protected]>
---
drivers/gpu/drm/stm/ltdc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/stm/ltdc.c b/drivers/gpu/drm/stm/ltdc.c
index 03c6becda795..b8be4c1db423 100644
--- a/drivers/gpu/drm/stm/ltdc.c
+++ b/drivers/gpu/drm/stm/ltdc.c
@@ -1145,7 +1145,7 @@ static void ltdc_crtc_disable_vblank(struct drm_crtc *crtc)

static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
{
- struct ltdc_device *ldev = crtc_to_ltdc(crtc);
+ struct ltdc_device *ldev;
int ret;

DRM_DEBUG_DRIVER("\n");
@@ -1153,6 +1153,8 @@ static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
if (!crtc)
return -ENODEV;

+ ldev = crtc_to_ltdc(crtc);
+
if (source && strcmp(source, "auto") == 0) {
ldev->crc_active = true;
ret = regmap_set_bits(ldev->regmap, LTDC_GCR, GCR_CRCEN);
--
2.25.1



2023-05-26 09:23:16

by Philippe CORNU

[permalink] [raw]
Subject: Re: [PATCH RESEND] drm/stm: ltdc: fix late dereference check



On 5/15/23 14:38, Raphael Gallais-Pou wrote:
> In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a
> container_of() before the pointer check. This could cause a kernel panic.
>
> Fix this smatch warning:
> drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)
>
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
> Link: https://lore.kernel.org/lkml/[email protected]/
> Signed-off-by: Raphael Gallais-Pou <[email protected]>
> ---
> drivers/gpu/drm/stm/ltdc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/stm/ltdc.c b/drivers/gpu/drm/stm/ltdc.c
> index 03c6becda795..b8be4c1db423 100644
> --- a/drivers/gpu/drm/stm/ltdc.c
> +++ b/drivers/gpu/drm/stm/ltdc.c
> @@ -1145,7 +1145,7 @@ static void ltdc_crtc_disable_vblank(struct drm_crtc *crtc)
>
> static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
> {
> - struct ltdc_device *ldev = crtc_to_ltdc(crtc);
> + struct ltdc_device *ldev;
> int ret;
>
> DRM_DEBUG_DRIVER("\n");
> @@ -1153,6 +1153,8 @@ static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
> if (!crtc)
> return -ENODEV;
>
> + ldev = crtc_to_ltdc(crtc);
> +
> if (source && strcmp(source, "auto") == 0) {
> ldev->crc_active = true;
> ret = regmap_set_bits(ldev->regmap, LTDC_GCR, GCR_CRCEN);

Hi Raphael,
and many thanks for your patch.
Acked-by: Philippe Cornu <[email protected]>
Philippe :-)


2023-05-26 11:50:23

by Philippe CORNU

[permalink] [raw]
Subject: Re: [PATCH RESEND] drm/stm: ltdc: fix late dereference check


On 5/15/23 14:38, Raphael Gallais-Pou wrote:
> In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a
> container_of() before the pointer check. This could cause a kernel panic.
>
> Fix this smatch warning:
> drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)
>
> Reported-by: kernel test robot <[email protected]>
> Reported-by: Dan Carpenter <[email protected]>
> Link: https://lore.kernel.org/lkml/[email protected]/
> Signed-off-by: Raphael Gallais-Pou <[email protected]>
> ---
> drivers/gpu/drm/stm/ltdc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/stm/ltdc.c b/drivers/gpu/drm/stm/ltdc.c
> index 03c6becda795..b8be4c1db423 100644
> --- a/drivers/gpu/drm/stm/ltdc.c
> +++ b/drivers/gpu/drm/stm/ltdc.c
> @@ -1145,7 +1145,7 @@ static void ltdc_crtc_disable_vblank(struct drm_crtc *crtc)
>
> static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
> {
> - struct ltdc_device *ldev = crtc_to_ltdc(crtc);
> + struct ltdc_device *ldev;
> int ret;
>
> DRM_DEBUG_DRIVER("\n");
> @@ -1153,6 +1153,8 @@ static int ltdc_crtc_set_crc_source(struct drm_crtc *crtc, const char *source)
> if (!crtc)
> return -ENODEV;
>
> + ldev = crtc_to_ltdc(crtc);
> +
> if (source && strcmp(source, "auto") == 0) {
> ldev->crc_active = true;
> ret = regmap_set_bits(ldev->regmap, LTDC_GCR, GCR_CRCEN);

Hi Raphael,
Applied on drm-misc-next.

Note & fyi, I fixed the following warning, please be sure to follow this
rule next time :-)
WARNING:BAD_REPORTED_BY_LINK: Reported-by: should be immediately
followed by Closes: with a URL to the report

Many thanks for your patch,
Philippe :-)