From: Xiaomeng Tong
To: bskeggs@redhat.com, kherbst@redhat.com, lyude@redhat.com, airlied@linux.ie, daniel@ffwll.ch
Cc: martin.peres@free.fr, dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org, Xiaomeng Tong, stable@vger.kernel.org
Subject: [PATCH] clk: base: fix an incorrect NULL check on list iterator
Date: Sun, 27 Mar 2022 15:58:24 +0800
Message-Id: <20220327075824.11806-1-xiam0nd.tong@gmail.com>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-kernel@vger.kernel.org

The bug is here:
	if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp))
		return cstate;

The list iterator value 'cstate' will *always* be set and non-NULL
by list_for_each_entry_from_reverse(), so it is incorrect to assume
that the iterator value will be unchanged if the list is empty or no
element is found (In fact, it will be a bogus pointer to an invalid
structure object containing the HEAD). Also it missed a NULL check
at callsite and may lead to invalid memory access after that.

To fix this bug, just return 'encoder' when found, otherwise return
NULL. And add the NULL check.

Cc: stable@vger.kernel.org
Fixes: 1f7f3d91ad38a ("drm/nouveau/clk: Respect voltage limits in nvkm_cstate_prog")
Signed-off-by: Xiaomeng Tong
---
 drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c index 57199be082fd..c2b5cc5f97ed 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c 
@@ -135,10 +135,10 @@ nvkm_cstate_find_best(struct nvkm_clk *clk, struct nvkm_pstate *pstate, list_for_each_entry_from_reverse(cstate, &pstate->list, head) { if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp)) - break; + return cstate; } - return cstate; + return NULL; } static struct nvkm_cstate * @@ -169,6 +169,8 @@ nvkm_cstate_prog(struct nvkm_clk *clk, struct nvkm_pstate *pstate, int cstatei) if (!list_empty(&pstate->list)) { cstate = nvkm_cstate_get(clk, pstate, cstatei); cstate = nvkm_cstate_find_best(clk, pstate, cstate); + if (!cstate) + return -EINVAL; } else { cstate = &pstate->base; } -- 2.17.1
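
Review bot: in the first hunk (nvkm_cstate_find_best), the changelog does not match the code: it says to return 'encoder' when found, but the value returned is `cstate`, and the snippet quoted under "The bug is here" shows the post-patch `return cstate;` rather than the `break;` this hunk removes. Please correct the changelog text. The new `return NULL;` also changes what callers can get back from this function, so a one-line comment stating that NULL means no cstate passed nvkm_cstate_valid() would help, and if there are callers other than nvkm_cstate_prog() they need the same check.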
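
Review bot: in the second hunk (nvkm_cstate_prog), the new `if (!cstate) return -EINVAL;` makes the whole call fail when no cstate passes the validity test, whereas the empty-list branch just below it falls back to `&pstate->base`. The changelog should say why an error return was chosen over a fallback such as `&pstate->base`, and confirm that callers of nvkm_cstate_prog() cope with -EINVAL from this path. Separately, the result of nvkm_cstate_get() is still handed to nvkm_cstate_find_best() unchecked on the line above; the visible lines do not show whether it can come back without a match, so that deserves a sentence in the changelog as well.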
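
The iterator behaviour the changelog describes, as an added userspace example that is not part of the patch or of the nouveau driver: it compares the pre-patch and post-patch loop shapes on a lookup that finds nothing. The list helpers are simplified stand-ins for the kernel macros, and the struct layouts, function names and voltage values are hypothetical.

```c
#include <stddef.h>

/* Simplified stand-ins for the kernel list helpers; all names here are hypothetical. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, member) ((type *)((char *)(p) - offsetof(type, member)))
#define prev_entry(c) container_of((c)->head.prev, struct cstate, head)

struct cstate { int id, volt; struct list_head head; };
struct pstate { struct cstate base; struct list_head list; };

/* Pre-patch shape: break on a match, then return the cursor unconditionally. */
static struct cstate *find_best_buggy(struct pstate *p, struct cstate *c, int max_volt)
{
	for (; &c->head != &p->list; c = prev_entry(c))
		if (c->volt <= max_volt)
			break;
	return c;	/* on a miss: container_of(&p->list, ...), never NULL */
}

/* Post-patch shape: return from inside the loop, NULL when nothing matched. */
static struct cstate *find_best_fixed(struct pstate *p, struct cstate *c, int max_volt)
{
	for (; &c->head != &p->list; c = prev_entry(c))
		if (c->volt <= max_volt)
			return c;
	return NULL;
}

/* Constructed data: three entries at 900/1000/1100, walked backwards from the last.
 * Returns the matching id, -1 for NULL, -2 for the bogus head-derived pointer. */
static int run_lookup(int max_volt, int fixed)
{
	struct pstate p = { .list = { &p.list, &p.list } };
	struct cstate cs[3] = { {0, 900}, {1, 1000}, {2, 1100} };
	struct cstate *r;

	for (int i = 0; i < 3; i++) {	/* list_add_tail() equivalent */
		cs[i].head.prev = p.list.prev;
		cs[i].head.next = &p.list;
		p.list.prev->next = &cs[i].head;
		p.list.prev = &cs[i].head;
	}
	r = fixed ? find_best_fixed(&p, &cs[2], max_volt)
		  : find_best_buggy(&p, &cs[2], max_volt);
	if (!r)
		return -1;
	return r == container_of(&p.list, struct cstate, head) ? -2 : r->id;
}

int main(void) { return run_lookup(800, 1) == -1 && run_lookup(800, 0) == -2 ? 0 : 1; }
```

In the miss case the pre-patch shape hands back an address computed from the list head, which here lands inside `p.base`, so a caller that dereferences it reads unrelated fields rather than faulting on NULL.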