Received: by 10.223.176.5 with SMTP id f5csp1183168wra; Fri, 2 Feb 2018 12:40:49 -0800 (PST) X-Google-Smtp-Source: AH8x224cdZlepTZ+HIXNAgRSeabS8LZQ32uoR6ZDST1Pe4OcTeF3r1/6POH1CfcTvvEzES4NkA7H X-Received: by 10.99.99.199 with SMTP id x190mr32216221pgb.193.1517604049152; Fri, 02 Feb 2018 12:40:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517604049; cv=none; d=google.com; s=arc-20160816; b=FCKIPjxrO0itPwxKfirCYvomuxWv/Ve5LnJXmBVGuf4890dTEcQcgIfu3TqKuiLUqB MWDQZEoIwGjOKwGj16xwV/2V4yuPRPJhXl+MejyUeGqMp0n1tm8xkUIy/GpCzvrAEb5U cc/v7aMD3KpFYHmmmywU68e4hL4njjj+E564zjT0kgZwPvFJSk0rXwaFVy0tC3BUIPLL /COAE9ibRoT2fLi2PtKUGuC0qYhhJheZt/M9Bxr50k8XT3RInm/CRWHhH/pD29aFWzVS Day5YljV5JIR43umuxBfCSLEjIkA7O/zopIG0P8mcFt3yfL1GKxBQNPcseOztrFGuA7T 3gsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=uygWJdX7nBTQVQ7jqN9CsxnQb40VZaEfDKS2lShaPjw=; b=lJjZaA31KhVbxeSjVm/B4E7qxT+iIt1V9S7OPlo9CJH1W3mYwM0KyqdxB08GAumiVh JWMLz8XVW9VM6z7alGM+MXNz9E4p0iNgea/cFdLZOLS4g4cGMMHIBVKDnM13+YyKvLCM 21ihYl8bNOgGyhC4T3ct1255Fx4FJgWCEK+fI3lMlH9yGWOpFPqYyQWCq4wLcZ3AygjZ Lay1B4n8Pvnicaa+qPqalxEUelOpFZobNdwtdMy23MsaIbB6RJKuO475ikSOhN8yEyO1 YidwoZmoTtauarxRexWPehpBz9Dg54WJNjjGNr2maKup7Gl0uMABtyL+7q9qolAwqPb5 Nl2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=c9yn9LaX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g19-v6si2337225plo.829.2018.02.02.12.40.34; Fri, 02 Feb 2018 12:40:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=c9yn9LaX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753088AbeBBTEi (ORCPT + 99 others); Fri, 2 Feb 2018 14:04:38 -0500 Received: from mail-it0-f66.google.com ([209.85.214.66]:38946 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752484AbeBBTEd (ORCPT ); Fri, 2 Feb 2018 14:04:33 -0500 Received: by mail-it0-f66.google.com with SMTP id c80so2960411itb.4; Fri, 02 Feb 2018 11:04:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=uygWJdX7nBTQVQ7jqN9CsxnQb40VZaEfDKS2lShaPjw=; b=c9yn9LaXM+rpvMYIWm7p1k6zhEVDyTAHc2cyNxWhAunkZNGZ7VB4Wuv0fzVrAH/PLH gV0pM555hdxiu35qBalNw5XEfMNVtw/jqopvyHxUTLA/XlOVbZw6U86ZqGrTkUkTY9/X Y86bYUJIDnaCeCbkV5uO0E8grvluj+IKWti1nB2k4Q5mQnPaGg2YuAYZiMFI9C96pusJ MNxJLd/C9hgdq+7V35Lhmc1GXmUHfteOc01p6sk+hBlE8TF+vaHH/a8fOW4e3ylap/e2 h8DEZMJIH9BDd8bEgEmlcq5PrJpv9edgqs4XQyAUK/7F4ZufvXk56GaHNoVZ05n4g0wx /2dA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=uygWJdX7nBTQVQ7jqN9CsxnQb40VZaEfDKS2lShaPjw=; b=VOKQXKEPN+2CtMqljObLfjITE9AxMrl9H2gqu+7iEB8yQlgBPP1Kv1/yD7125nq87R YwifJiVXFGDE6un6/fxeK1IgpgxL6kL9Ry11UdD0cHQyOqbLbQkS1cYIyKoIzR8Ehs7o FVkg8w89DRjM4qAZrxKO4tdpJvYV3QiAJAGHvEV3qataNwDlZIBxsAgBVu/tWzqVItPh j4Y8EvwcF30AOKLZ7OmsCla8JySZUka0P3f/co2qWCOohLoKXgjCyrekCXzO9kmP0O1X FAmqilD5LPoV07I3C+ljGZDM/dT/YprEaw1BMkBRWlP0BpuUbqrq2pjs6ujo47LAQIQE oC1A== X-Gm-Message-State: AKwxytdV/klUoTBrlsJ3G4oe1QEjC2MoKcbK6UVWdUbMbylShRmvXvYO hImTWRi1Kx1QKndPQY6DNHqXn/CxY+impcRv2GE= X-Received: by 10.36.151.6 with SMTP id k6mr46700839ite.94.1517598272514; Fri, 02 Feb 2018 11:04:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.41.71 with HTTP; Fri, 2 Feb 2018 11:04:32 -0800 (PST) In-Reply-To: <20180202163006.GA878@jcrouse-lnx.qualcomm.com> References: <20180202123223.GA4410@embeddedor.com> <20180202163006.GA878@jcrouse-lnx.qualcomm.com> From: Rob Clark Date: Fri, 2 Feb 2018 14:04:32 -0500 Message-ID: Subject: Re: [PATCH] drm/msm/adreno/a5xx_debugfs: fix potential NULL pointer dereference To: "Gustavo A. R. Silva" , Rob Clark , David Airlie , linux-arm-msm , dri-devel , freedreno , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 2, 2018 at 11:30 AM, Jordan Crouse wrote: > On Fri, Feb 02, 2018 at 06:32:23AM -0600, Gustavo A. R. Silva wrote: >> _minor_ is being dereferenced before it is null checked, hence there >> is a potential null pointer dereference. Fix this by moving the pointer >> dereference after _minor_ has been null checked. >> >> Fixes: 024ad8df763f ("drm/msm: add a5xx specific debugfs") >> Signed-off-by: Gustavo A. R. Silva >> --- >> >> I wonder if a better solution for this would be to WARN_ON in case _minor_ >> happens to be NULL and return -EINVAL, instead of just returning zero. >> >> Something like: >> >> struct drm_device *dev; >> >> if (WARN_ON(!minor) >> return -EINVAL; >> >> dev = minor->dev; >> >> What do you think? > > In my opinion everything in debugfs is optional. I'm not sure if it is even > possible for dev->primary, dev->render or dev->control to be NULL from the DRM > core but if so I think the failure should be silent. > Don't have code in front of me atm, but I think this is one of those things you can hit both before and after we have the minor, depending on whether filesystem and fw are present when the driver loads or not.. so I don't think it should be a WARN_ON(). BR, -R > Jordan >> >> drivers/gpu/drm/msm/adreno/a5xx_debugfs.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c b/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c >> index 6b27941..059ec7d 100644 >> --- a/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c >> +++ b/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c >> @@ -159,13 +159,15 @@ DEFINE_SIMPLE_ATTRIBUTE(reset_fops, NULL, reset_set, "%llx\n"); >> >> int a5xx_debugfs_init(struct msm_gpu *gpu, struct drm_minor *minor) >> { >> - struct drm_device *dev = minor->dev; >> + struct drm_device *dev; >> struct dentry *ent; >> int ret; >> >> if (!minor) >> return 0; >> >> + dev = minor->dev; >> + >> ret = drm_debugfs_create_files(a5xx_debugfs_list, >> ARRAY_SIZE(a5xx_debugfs_list), >> minor->debugfs_root, minor); >> -- >> 2.7.4 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-arm-msm" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- > The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, > a Linux Foundation Collaborative Project