Date: Tue, 5 Dec 2017 15:30:20 +0200
From: Ville Syrjälä
To: "Gustavo A. R. Silva"
Cc: VMware Graphics, Sinclair Yeh, Thomas Hellstrom, David Airlie, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
Message-ID: <20171205133019.GS10981@intel.com>
In-Reply-To: <20171204215418.GA23874@embeddedor.com>

On Mon, Dec 04, 2017 at 03:54:18PM -0600, Gustavo A. R. Silva wrote:
> crtc_state is being null checked in a previous code block, which implies
> that such pointer might be null.
>
> crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
> there is a potential null pointer dereference.

This is a false positive. drm_atomic_helper_check_plane_state() will not
dereference crtc_state when plane_state->crtc is NULL.

>
> Fix this by warning-on and returning -EINVAL in case crtc_state is null.
>
> Addresses-Coverity-ID: 1462412 ("Dereference after null check")
> Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into drm_atomic_helper.c")
> Signed-off-by: Gustavo A. R. Silva
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
> 1 file changed, 3 insertions(+)
> > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c > index a2a93d7..72c3b290 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c > @@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane *plane, > clip.y2 = crtc_state->adjusted_mode.vdisplay; > } > > + if (WARN_ON(!crtc_state)) > + return -EINVAL; This would in fact break the driver because it would flag an error whenever the plane is disabled. > + > ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip, > DRM_PLANE_HELPER_NO_SCALING, > DRM_PLANE_HELPER_NO_SCALING, > -- > 2.7.4

-- 
Ville Syrjälä
Intel OTC
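Review bot: The added "if (WARN_ON(!crtc_state)) return -EINVAL;" placed directly before the drm_atomic_helper_check_plane_state() call treats a NULL crtc_state as a bug, yet the commit message itself says the preceding block already null-checks the pointer, which indicates NULL is an expected input at this point and not an error condition. As the reply in this thread states, that is the disabled-plane case and the helper does not dereference crtc_state when plane_state->crtc is NULL, so the check would fail a legitimate atomic check with -EINVAL and emit a kernel warning every time a plane is disabled. Suggest dropping these lines and handling Coverity ID 1462412 as a false positive; a short comment above the helper call noting that crtc_state may be NULL here when the plane has no CRTC would keep the same report from resurfacing. If the Fixes: tag is kept for any respin, the changelog should also explain which path actually reaches a dereference, since the visible hunk does not show one.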