2021-04-07 21:03:31

by Colin King

Subject: [PATCH][next] media: venus: hfi,pm,firmware: Fix dereference before null check on hdev

From: Colin Ian King <[email protected]>

The pointer hdev is being dereferenced twice on the assignment of
pointers cpu_cs_base and wrapper_base before hdev is being null
checked. Fix the potential null pointer dereference issues by
performing the null check of hdev before dereferencing it when
assigning cpu_cs_base and wrapper_base.

Addresses-Coverity: ("Dereference before null check")
Fixes: ff2a7013b3e6 ("media: venus: hfi,pm,firmware: Convert to block relative addressing")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/media/platform/qcom/venus/hfi_venus.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/qcom/venus/hfi_venus.c b/drivers/media/platform/qcom/venus/hfi_venus.c
index cebb20cf371f..3eabb2646572 100644
--- a/drivers/media/platform/qcom/venus/hfi_venus.c
+++ b/drivers/media/platform/qcom/venus/hfi_venus.c
@@ -1094,12 +1094,14 @@ static irqreturn_t venus_isr(struct venus_core *core)
{
struct venus_hfi_device *hdev = to_hfi_priv(core);
u32 status;
- void __iomem *cpu_cs_base = hdev->core->cpu_cs_base;
- void __iomem *wrapper_base = hdev->core->wrapper_base;
+ void __iomem *cpu_cs_base, *wrapper_base;

if (!hdev)
return IRQ_NONE;

+ cpu_cs_base = hdev->core->cpu_cs_base;
+ wrapper_base = hdev->core->wrapper_base;
+
status = readl(wrapper_base + WRAPPER_INTR_STATUS);
if (IS_V6(core)) {
if (status & WRAPPER_INTR_STATUS_A2H_MASK ||
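Review bot: the two assignments moved below the `if (!hdev)` check still reach the register bases through `hdev->core`, and that inner pointer is not checked. The function already receives `core` as its parameter and uses it directly in `IS_V6(core)`, so if `hdev->core` always points to that same object, reading `core->cpu_cs_base` and `core->wrapper_base` would remove the dependency on `hdev` for these two locals entirely and keep the initialisation at the declaration.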
--
2.30.2


2021-04-07 22:45:35

by Muhammad Usama Anjum

Subject: Re: [PATCH][next] media: venus: hfi,pm,firmware: Fix dereference before null check on hdev

On Wed, 2021-04-07 at 15:10 +0100, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> The pointer hdev is being dereferenced twice on the assignment of
> pointers cpu_cs_base and wrapper_base before hdev is being null
> checked. Fix the potential null pointer dereference issues by
> performing the null check of hdev before dereferencing it when
> assigning cpu_cs_base and wrapper_base.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: ff2a7013b3e6 ("media: venus: hfi,pm,firmware: Convert to block relative addressing")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/media/platform/qcom/venus/hfi_venus.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/platform/qcom/venus/hfi_venus.c b/drivers/media/platform/qcom/venus/hfi_venus.c
> index cebb20cf371f..3eabb2646572 100644
> --- a/drivers/media/platform/qcom/venus/hfi_venus.c
> +++ b/drivers/media/platform/qcom/venus/hfi_venus.c
> @@ -1094,12 +1094,14 @@ static irqreturn_t venus_isr(struct venus_core *core)
> {
> struct venus_hfi_device *hdev = to_hfi_priv(core);
> u32 status;
> - void __iomem *cpu_cs_base = hdev->core->cpu_cs_base;
> - void __iomem *wrapper_base = hdev->core->wrapper_base;
> + void __iomem *cpu_cs_base, *wrapper_base;
>
> if (!hdev)
> return IRQ_NONE;
>
> + cpu_cs_base = hdev->core->cpu_cs_base;
> + wrapper_base = hdev->core->wrapper_base;
> +
> status = readl(wrapper_base + WRAPPER_INTR_STATUS);
> if (IS_V6(core)) {
> if (status & WRAPPER_INTR_STATUS_A2H_MASK ||
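Review bot: the retained `if (!hdev) return IRQ_NONE;` check is what makes the old initialisers a reported defect, but the commit message does not say whether `to_hfi_priv(core)` can actually return NULL while `venus_isr()` is reachable. If it cannot, dropping the check would also silence the Coverity report with a smaller change; if it can, a sentence in the commit message naming that condition would help reviewers judge whether the Fixes: commit introduced a real crash or only a static-analysis finding.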

Reviewed-by: Muhammad Usama Anjum <[email protected]>