Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1510072pxb;
        Wed, 30 Mar 2022 05:19:12 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJya5bJYaacVOC1g4GZe6k81CbqheduTmEeIR6+FSWx4bPGbaHh75hnhmYNsxVHMeJbSSgmI
X-Received: by 2002:a17:907:8a26:b0:6e1:2646:ef23 with SMTP id sc38-20020a1709078a2600b006e12646ef23mr13947171ejc.109.1648642752121;
        Wed, 30 Mar 2022 05:19:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648642752; cv=none;
        d=google.com; s=arc-20160816;
        b=ux3tC5YdHLnQMxFEXGNh/gjex46EHfNNQz2k8v3rQ3bVeekd64Sx0CCj6GB3GLJPrQ
         CLvlgKaRzNDGdTHEnCQNtS+e8WRT50kEjCEwSyIGvgIy15SD6GR1Z7xbMwcpzRtfIX7Z
         v85SHgJjATONj+WYsNTe07ols/4CWNTonK4KLq8JTovZNRNG9CA/eJOrHDzHTXXO5U7A
         lVdbTv+jubCwJ4aNIbwiz18fZOm7c4hZq4xee/G+nTKzId0UZSF9B+WjnN9bxlsBldq2
         FvyK6Z/V8kQ86VYq4HH1LQRqQFkgBWbYX/haZ9P48iDZIeYqDM4k+pqAIDESm5nerfC4
         Wgbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=WeHHguGPowcDvWMr7blgBmwq0GWd0bNHBYB846nmBBc=;
        b=GDbKtwxLxOpvXC+pZ+P+0uJ86n4zIUEy7gNNyGzl9ZyeFN0wYaOpY3olBaaCajbep7
         GFpeB+/mSJo2E/5hjzdSKsmwHFUANY4qNil/KL+IDdvtfQ5GXWr53RAcTG1w6pFMtm60
         oDwVok+b9T2QlFP6ZdeXukuln0Bl341KUZibrnlN8yp/tVe6l2BSY8pPa5+CkFewvt7+
         9qeDGn0uTvoUPrB9kC1Sj48Zu0yojQuBJSUMgBy5QarxsqO/qOtQStOW5fb/3I2sVv7o
         LD+GAdX9MYj2ByqGavgKdiTcGpY1SOoj9YYp5lUkcFZPwEVn80I6Ki+RoJtjfkf9Fgu6
         JLIg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=R7CuH78v;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id f14-20020a50e08e000000b00419443b6298si20824863edl.530.2022.03.30.05.18.45;
        Wed, 30 Mar 2022 05:19:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=R7CuH78v;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235470AbiC2LBD (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Tue, 29 Mar 2022 07:01:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36538 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234057AbiC2LBB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 Mar 2022 07:01:01 -0400
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F23D8566F;
        Tue, 29 Mar 2022 03:59:19 -0700 (PDT)
Received: by mail-qk1-x731.google.com with SMTP id v13so13707315qkv.3;
        Tue, 29 Mar 2022 03:59:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=WeHHguGPowcDvWMr7blgBmwq0GWd0bNHBYB846nmBBc=;
        b=R7CuH78vDiYCJvedJaROsJPEXMamwU/N6ut1asPh8lNtVeQ9xie9A2Ck2ZDyCRvwMU
         uzfEsvjCK7IFPpXPluuxrdrunYczj8sdNfT6qCG81bsOmvPDIg82DT1zGFk9FArYB+WR
         XSXgy03C+Bf+1ksfXj8/gqu4dd1Oe0kNaOZ37INj1DE9zjrQwbNVWwjval2REUDLt9lE
         qunnvuK6B0vLkMTUL7QN0Vga8qZiD77UAmhmc+hHt1sDdUHCE1Zsn9ajGIEZHh0x69uH
         9dfUabQggu7sz3o3gwJibuHG8rmWNTvOfLeSvsZgkSAVVA2ak+oOUxClmbDqt6RYvbwR
         13BA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=WeHHguGPowcDvWMr7blgBmwq0GWd0bNHBYB846nmBBc=;
        b=mJbL5LyPSNcvwfdu1nPhr9TGlbaC5wGCxaOE5/rylLItl0j26CsAXst7CJYXto1Rj7
         38/qJ0JYXqReb9b/7/qt/OEekuSauVSDBBsxBVnbohvYG0u17SbV3z9kdG2dEk2DpbCK
         8WynNJ6wmpRb+OfmjbiN4CGHT/MjMgYMTZj4erXwRjcc/M6hbTtbnrIUYNDLdmS37KY1
         n/fOBlHf4Tse8XddhRTWt/Hv2EmRJ1N1Y6fZ1ZF9ggk3oTLA5kqTGdIU/F3aEVaPFXNb
         s6J9roId1iPkycK+Tfjj5Cb4VtmwT94Cev6ydgihiyx44prT9IM/E6jiv2W/2rPNG63H
         vWkA==
X-Gm-Message-State: AOAM531iIslNbeLamqLBl7VaoUGHudXf1n2ZFSu58e/dULja7yCPfDV5
        iotx5VC8SmTUziuuCzfZieNYTrrp7G33Eh6Y0GH2gStc
X-Received: by 2002:a37:a644:0:b0:680:9e24:6583 with SMTP id
 p65-20020a37a644000000b006809e246583mr18903701qke.366.1648551558094; Tue, 29
 Mar 2022 03:59:18 -0700 (PDT)
MIME-Version: 1.0
References: <CACvgo50pK3rr5UH_FyfR1pADmPRjEawi43cAecoaz7nM5AFgBg@mail.gmail.com>
 <20220328020902.19369-1-xiam0nd.tong@gmail.com>
In-Reply-To: <20220328020902.19369-1-xiam0nd.tong@gmail.com>
From:   Emil Velikov <emil.l.velikov@gmail.com>
Date:   Tue, 29 Mar 2022 11:59:06 +0100
Message-ID: <CACvgo5342xQHb07FVK4beXWgFexZR0LyODEqemE3y1subnEw1Q@mail.gmail.com>
Subject: Re: [PATCH] dispnv50: atom: fix an incorrect NULL check on list iterator
To:     Xiaomeng Tong <xiam0nd.tong@gmail.com>
Cc:     Dave Airlie <airlied@linux.ie>, Ben Skeggs <bskeggs@redhat.com>,
        Daniel Vetter <daniel@ffwll.ch>,
        ML dri-devel <dri-devel@lists.freedesktop.org>,
        Karol Herbst <kherbst@redhat.com>,
        "Linux-Kernel@Vger. Kernel. Org" <linux-kernel@vger.kernel.org>,
        Lyude <lyude@redhat.com>,
        ML nouveau <nouveau@lists.freedesktop.org>,
        "# 3.13+" <stable@vger.kernel.org>, yangyingliang@huawei.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 28 Mar 2022 at 03:09, Xiaomeng Tong <xiam0nd.tong@gmail.com> wrote:
>
> on Sun, 27 Mar 2022 16:59:28 +0100, Emil Velikov wrote:
> > On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong <xiam0nd.tong@gmail.com> wrote:
> > >
> > > The bug is here:
> > >         return encoder;
> > >
> > > The list iterator value 'encoder' will *always* be set and non-NULL
> > > by drm_for_each_encoder_mask(), so it is incorrect to assume that the
> > > iterator value will be NULL if the list is empty or no element found.
> > > Otherwise it will bypass some NULL checks and lead to invalid memory
> > > access passing the check.
> > >
> > > To fix this bug, just return 'encoder' when found, otherwise return
> > > NULL.
> > >
> >
> > Isn't this covered by the upcoming list* iterator rework [1] or is
> > this another iterator glitch?
>
> Actually, it is a part of the upcoming work.
>
> > IMHO we should be looking at fixing the implementation and not the
> > hundreds of users through the kernel.
> >
> > HTH
> > -Emil
> > [1] https://lwn.net/Articles/887097/
>
> Yes, you are right. This has also been taken into account by the upcoming
> list iterator rework to avoid a lot uesr' changes as much as possible.
>
> However, this patch is fixing a potential bug caused by incorrect use of
> list iterator outside the loop, which can not be fixed by the implementation
> itself.
>

I see, thanks for the information o/

-Emil