Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753884AbcKOQTC (ORCPT ); Tue, 15 Nov 2016 11:19:02 -0500 Received: from mail-cys01nam02on0079.outbound.protection.outlook.com ([104.47.37.79]:60688 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753741AbcKOQTA (ORCPT ); Tue, 15 Nov 2016 11:19:00 -0500 From: "Deucher, Alexander" To: "'Colin Ian King'" , "Koenig, Christian" , David Airlie , "Zhu, Rex" , "StDenis, Tom" , "Huang, Ray" , =?utf-8?B?TmlscyBXYWxsbcOpbml1cw==?= , Baoyou Xie , "dri-devel@lists.freedesktop.org" CC: "linux-kernel@vger.kernel.org" Subject: RE: [PATCH] drm/amd/powerplay: check if table_info is NULL before dereferencing it Thread-Topic: [PATCH] drm/amd/powerplay: check if table_info is NULL before dereferencing it Thread-Index: AQHSPz9ynHmEUylN6k+BUa683WLSJ6DaLXJAgAAJRYCAAAJaoA== Date: Tue, 15 Nov 2016 16:18:53 +0000 Message-ID: References: <20161115125435.6236-1-colin.king@canonical.com> <3adcaa1f-6ded-0a56-2f44-c830e5a2d198@canonical.com> In-Reply-To: <3adcaa1f-6ded-0a56-2f44-c830e5a2d198@canonical.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Deucher@amd.com; x-originating-ip: [165.204.55.251] x-microsoft-exchange-diagnostics: 1;MWHPR12MB1309;7:WbmPKBUWkJwFtpR1pDq7QxfoDkqfvCu3dU3+JNbNL9jC9quL4gwYyPmCaCuvqvT+iua+bN+liLssKRAR5BTpMGhV0rgy51hu85W9q0aCrzahnfE31cSjJ5CLOKIXgEZ0FW/AoQf8xZWv2Bj5l4KPBRNMF9xGBZEPAPq43DrR+jhbLEJOhKSxQIgUxayN3yiV1IwqHRTs1n5m32cUSDfMORpdapejj056hISd5kZOeqYgdfSccpwY0SMWd7p89N/8iv9GeShUQ1bCtRskwRZAJWEvcrWWgDQ7W11edZXbguHo7taiQaX3/pjWXsDYeI78s1gdTl9eym6/wColqiVshk1ZTHrK4Xf+ij6VQX4/zTc=;20:wrp0+hTYLe2xaC8fZuJP2/fPdLRY7Ow2DoohE0JrKxhVyaat3/Q4ssEcrpQGoa52gii0Hd2SeHoTPJsvnA9Qq57gdijuG+SJP6wXdGJgL6XZPHZzFoC+D9U4vNUwcQ4CAxzYLCDWFTnn1AIzmQroiLIS/pHbytNChjlfyc7OGjNumKr2868hqOEig1q/YoothRGgNsL20wagTqjEfkUt67kNbsMCIZ73oFceenNBa9gO98US6yGox50RfD1joCUv x-forefront-antispam-report: SFV:SKI;SCL:-1SFV:NSPM;SFS:(10009020)(6009001)(7916002)(13464003)(189002)(24454002)(199003)(377454003)(2501003)(305945005)(9686002)(4326007)(3660700001)(87936001)(2906002)(66066001)(8936002)(74316002)(7696004)(33656002)(2950100002)(7736002)(68736007)(7846002)(99286002)(106356001)(106116001)(76576001)(105586002)(3280700002)(6116002)(122556002)(3846002)(102836003)(86362001)(5660300001)(8676002)(50986999)(54356999)(76176999)(101416001)(229853002)(189998001)(77096005)(92566002)(2900100001)(81156014)(81166006)(97736004)(5001770100001)(61793002)(921003)(1121003);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1309;H:MWHPR12MB1694.namprd12.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; x-ms-office365-filtering-correlation-id: aa7d3f3e-e21c-4f49-30a2-08d40d7317c0 x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:MWHPR12MB1309; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(9452136761055)(217544274631240)(198206253151910); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6060326)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6061324);SRVR:MWHPR12MB1309;BCL:0;PCL:0;RULEID:;SRVR:MWHPR12MB1309; x-forefront-prvs: 012792EC17 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2016 16:18:53.5062 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1309 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mail.home.local id uAFGJBms029276 Content-Length: 4165 Lines: 115 > -----Original Message----- > From: Colin Ian King [mailto:colin.king@canonical.com] > Sent: Tuesday, November 15, 2016 11:09 AM > To: Deucher, Alexander; Koenig, Christian; David Airlie; Zhu, Rex; StDenis, > Tom; Huang, Ray; Nils Wallménius; Baoyou Xie; dri- > devel@lists.freedesktop.org > Cc: linux-kernel@vger.kernel.org > Subject: Re: [PATCH] drm/amd/powerplay: check if table_info is NULL before > dereferencing it > > On 15/11/16 15:49, Deucher, Alexander wrote: > >> -----Original Message----- > >> From: Colin King [mailto:colin.king@canonical.com] > >> Sent: Tuesday, November 15, 2016 7:55 AM > >> To: Deucher, Alexander; Koenig, Christian; David Airlie; Zhu, Rex; StDenis, > >> Tom; Huang, Ray; Nils Wallménius; Baoyou Xie; dri- > >> devel@lists.freedesktop.org > >> Cc: linux-kernel@vger.kernel.org > >> Subject: [PATCH] drm/amd/powerplay: check if table_info is NULL before > >> dereferencing it > >> > >> From: Colin Ian King > >> > >> table_info is being dereferenced before a null check, which implies > >> a potential null pointer deference error. Fix this by moving the null > >> check of table_info to the start of smu7_get_evv_voltages to avoid > >> potential null pointer deferencing. > >> > >> Found with static analysis by CoverityScan, CID 1377752 > >> > >> Signed-off-by: Colin Ian King > > > > NACK, this effectively reverts the patch. This causes the function to exit > early on asics where the table it NULL which is not what we want. Whether > the table exists or not is dependent on the table version and the feature > caps for the chip which are checked before the table is dereferenced. The > NULL check in the top if clause is not strictly necessary and could be > removed. > > > > Alex > > OK, understood. The part I'm missing is that we dereference table_info > at the following statement: > > if ((hwmgr->pp_table_version == PP_TABLE_V1) > && !phm_get_sclk_for_voltage_evv(hwmgr, > table_info->vddgfx_lookup_table, vv_id, &sclk)) > > and later check if it is NULL. So, I can't see where table_info is being > set other than the start of the function, so, either it can be null and > hence we have a null ptr deference, or it's never null, in which case > the check for NULL is redundant. Yes, that check is redundant. That is was I was referring to above. Alex > > Colin > > > >> --- > >> drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 6 ++---- > >> 1 file changed, 2 insertions(+), 4 deletions(-) > >> > >> diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c > >> b/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c > >> index 28e748d..6798067 100644 > >> --- a/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c > >> +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c > >> @@ -1473,6 +1473,8 @@ static int smu7_get_evv_voltages(struct > pp_hwmgr > >> *hwmgr) > >> (struct phm_ppt_v1_information *)hwmgr->pptable; > >> struct phm_ppt_v1_clock_voltage_dependency_table *sclk_table = > >> NULL; > >> > >> + if (table_info == NULL) > >> + return -EINVAL; > >> > >> for (i = 0; i < SMU7_MAX_LEAKAGE_COUNT; i++) { > >> vv_id = ATOM_VIRTUAL_VOLTAGE_ID0 + i; > >> @@ -1483,8 +1485,6 @@ static int smu7_get_evv_voltages(struct > pp_hwmgr > >> *hwmgr) > >> table_info- > >>> vddgfx_lookup_table, vv_id, &sclk)) { > >> if (phm_cap_enabled(hwmgr- > >>> platform_descriptor.platformCaps, > >> > >> PHM_PlatformCaps_ClockStretcher)) { > >> - if (table_info == NULL) > >> - return -EINVAL; > >> sclk_table = table_info- > >>> vdd_dep_on_sclk; > >> > >> for (j = 1; j < sclk_table->count; j++) { > >> @@ -1517,8 +1517,6 @@ static int smu7_get_evv_voltages(struct > pp_hwmgr > >> *hwmgr) > >> table_info->vddc_lookup_table, > >> vv_id, &sclk)) { > >> if (phm_cap_enabled(hwmgr- > >>> platform_descriptor.platformCaps, > >> > >> PHM_PlatformCaps_ClockStretcher)) { > >> - if (table_info == NULL) > >> - return -EINVAL; > >> sclk_table = table_info- > >>> vdd_dep_on_sclk; > >> > >> for (j = 1; j < sclk_table->count; j++) { > >> -- > >> 2.10.2 > >