Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1415505rwb; Mon, 7 Nov 2022 01:07:48 -0800 (PST) X-Google-Smtp-Source: AMsMyM5ujlSmJB5s8P1aTic2WLZgWIU+Xz/Vp9GxgR6l+VwjPfmJ9begguGBQkKU3Ry3ks/2WG/R X-Received: by 2002:a17:907:25c5:b0:783:f5df:900e with SMTP id ae5-20020a17090725c500b00783f5df900emr44192167ejc.491.1667812068375; Mon, 07 Nov 2022 01:07:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667812068; cv=none; d=google.com; s=arc-20160816; b=w3zwndgD2noZijAux9LB4fMrqe+c6xScJv59xg1YDEK+RF2urE7aCFOQSxBk7cR/hB 896rIdVIQWrYSruz6WMpy+WelDaUxRLEALBasD+h6/Z2p98iEN3vrbdURMvRHaMTI0RH OyA6oWksteiYbrcDuE/IPY1F2jmabVN2XOXS+rBK+WNjSsOnhR5Bpnv+HZR7ZuMO84dQ QIVRZURIoI9hdyXNo2sKX2SybBXrRTB6wJh8qjqaNkGS6RojN4gl9Mh5wGrJUJ6r4w1U ig2WxBVxZw4PeVIhCBdRjFg/lm+cMRJ5UFJJZQAjdIdhpYf8DsQ/bV6903yiv6zD8dTJ iujA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:feedback-id:dkim-signature:dkim-signature; bh=AMFmSDbfoi+g257DIcHWURYqpQsU+fk5FVNcvUts1PI=; b=BMbr/wUUNEKJ24yIUO2/C9cEfZQdV7jhu8zAkHD9LLQm3dUp71OFntnl3x4OMowicb tNpI2VF1zAsXB8Ohq0UEazUZmRtDE4jl94+HfSlH9/YTAje1tiKgD2ZgsFDjji1krfic ocr7LYBNv4Tm4W49TCJ0JnNbjAFTnc4sDiCGLTuVD2A0OgxMEYkKY6inWirDUBjLD65M 6x8gaz14oUBtp6M2+IRrJOFiGVsbRWjOcfXhGIMuDw6ICl+njMYl2zQa3MqiCM0ZKZnH BKRoXppuI89q7hyrBmV/FjE5ZMs79a/zca9BXQ5/Pkg5hYY4w9SLC5wEBbifPRxMJVhj GM3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cerno.tech header.s=fm2 header.b=C0fYiZEl; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=u4hmxmrE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cerno.tech Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dr14-20020a170907720e00b007adbf64b5f4si8533037ejc.768.2022.11.07.01.07.25; Mon, 07 Nov 2022 01:07:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cerno.tech header.s=fm2 header.b=C0fYiZEl; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=u4hmxmrE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cerno.tech Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231194AbiKGI0j (ORCPT + 95 others); Mon, 7 Nov 2022 03:26:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230263AbiKGI0h (ORCPT ); Mon, 7 Nov 2022 03:26:37 -0500 Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B2B4314002 for ; Mon, 7 Nov 2022 00:26:36 -0800 (PST) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 2832D3200930; Mon, 7 Nov 2022 03:26:35 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Mon, 07 Nov 2022 03:26:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cerno.tech; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; t=1667809594; x= 1667895994; bh=AMFmSDbfoi+g257DIcHWURYqpQsU+fk5FVNcvUts1PI=; b=C 0fYiZElKgzsizJiInh3BG1lRdsj3Oi3hMmnjP+SxfsNDIe8cvWvrl2+d30OvGVlH JsI7yZLB+uxP1e/buDEr/V89mRouz9Sc2U5P/uUFrZWlLdQSp7DPILBntshjxenM 9Byxlh5DbMbxwmjbiqz86pOeDhnS3E6goORf7okO2ln3b9bshgSePD5zi2Hxwnld h0OSzy+td7dPA4zuZ9fmhcYL8DlZOeMRDJg1YZoJMIoclVXEnBuhJQvdLNhSiFc7 95WzoYxhf1nG+GvkeEDhdpEVVbD59yD9bxglkEifBy2oppGKmn2W1AEgUMZZnUV5 vtBM6WXqe/o7ASekSi3rQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1667809594; x= 1667895994; bh=AMFmSDbfoi+g257DIcHWURYqpQsU+fk5FVNcvUts1PI=; b=u 4hmxmrE+vzZCPq40xS9bH2ywaqulLPOgAowLcF+gmhKKE8Ots9qiohgkMY14sKy8 n42S88XdRcSO/ft9zue21FLLVhiF2p4xUxFhCUHpWckVLJ7uxwzp47LUryxBEMbP YFmkyNZcNh+od8RRADtl96sPqd5Mly8RavJihuqulX8BYRyw5GWvVDQI2a5yA/8y CGzwAv5/5dc50DnIuoUN2TQErM+hBv59N4XsZnGmoRpyjKueNOrZiTkxfOeeNTCY DOqZorAE7vXMEs6l7oSMn37b4MazfE8L7t9ZGBP5atgL/Y58YmIhYeEtGsgYYA76 VYm5oFplWykzTmdJW5qWw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvgedrvdejgdduvddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggugfgjsehtqhertddttddunecuhfhrohhmpeforgig ihhmvgcutfhiphgrrhguuceomhgrgihimhgvsegtvghrnhhordhtvggthheqnecuggftrf grthhtvghrnhepleelfeeileelteetfedvieekfeefffevhfdtvefgheevudevheejvddv ieeltdeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epmhgrgihimhgvsegtvghrnhhordhtvggthh X-ME-Proxy: Feedback-ID: i8771445c:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 7 Nov 2022 03:26:34 -0500 (EST) Date: Mon, 7 Nov 2022 09:26:30 +0100 From: Maxime Ripard To: =?utf-8?B?Sm9zw6kgRXhww7NzaXRv?= Cc: emma@anholt.net, airlied@gmail.com, daniel@ffwll.ch, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] drm/vc4: hdmi: Fix pointer dereference before check Message-ID: <20221107082630.tjebvwt4hevhdsos@houat> References: <20221029093413.546103-1-jose.exposito89@gmail.com> <20221102090153.tujblkvd3jlhdtxr@houat> <20221102111003.GA3233@elementary> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <20221102111003.GA3233@elementary> X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 02, 2022 at 12:10:03PM +0100, Jos=E9 Exp=F3sito wrote: > Hi Maxime, >=20 > Thanks a lot for looking into the patch. >=20 > On Wed, Nov 02, 2022 at 10:01:53AM +0100, Maxime Ripard wrote: > > Hi, > >=20 > > On Sat, Oct 29, 2022 at 11:34:13AM +0200, Jos=E9 Exp=F3sito wrote: > > > Commit 6bed2ea3cb38 ("drm/vc4: hdmi: Reset link on hotplug") introduc= ed > > > the vc4_hdmi_reset_link() function. This function dereferences the > > > "connector" pointer before checking whether it is NULL or not. > > >=20 > > > Rework variable assignment to avoid this issue. > > >=20 > > > Fixes: 6bed2ea3cb38 ("drm/vc4: hdmi: Reset link on hotplug") > > > Signed-off-by: Jos=E9 Exp=F3sito > > > --- > > > drivers/gpu/drm/vc4/vc4_hdmi.c | 10 +++++++--- > > > 1 file changed, 7 insertions(+), 3 deletions(-) > > >=20 > > > diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4= _hdmi.c > > > index 4a73fafca51b..07d058b6afb7 100644 > > > --- a/drivers/gpu/drm/vc4/vc4_hdmi.c > > > +++ b/drivers/gpu/drm/vc4/vc4_hdmi.c > > > @@ -319,9 +319,9 @@ static int reset_pipe(struct drm_crtc *crtc, > > > static int vc4_hdmi_reset_link(struct drm_connector *connector, > > > struct drm_modeset_acquire_ctx *ctx) > > > { > > > - struct drm_device *drm =3D connector->dev; > > > - struct vc4_hdmi *vc4_hdmi =3D connector_to_vc4_hdmi(connector); > > > - struct drm_encoder *encoder =3D &vc4_hdmi->encoder.base; > > > + struct drm_device *drm; > > > + struct vc4_hdmi *vc4_hdmi; > > > + struct drm_encoder *encoder; > > > struct drm_connector_state *conn_state; > > > struct drm_crtc_state *crtc_state; > > > struct drm_crtc *crtc; > > > @@ -332,6 +332,10 @@ static int vc4_hdmi_reset_link(struct drm_connec= tor *connector, > > > if (!connector) > > > return 0; > > > =20 > > > + drm =3D connector->dev; > > > + vc4_hdmi =3D connector_to_vc4_hdmi(connector); > > > + encoder =3D &vc4_hdmi->encoder.base; > > > + > >=20 > > I don't think that's right. Connector shouldn't be NULL to begin with, > > how did you notice this? > >=20 > > Maxime >=20 > This issue was reported by Coverity. At the moment this function is not > invoked with a NULL connector by any code path. However, since the NULL > check is present, in my opinion, it makes sense to either remove it or > make it usefull just in case the preconditions change in the future. Yeah, it makes sense I'd ask for a small cosmetic change then, could you add the assignments where they are actually needed instead of at the top of the function? Something like if (!connector) return 0; +drm =3D connector->dev; ret =3D drm_modeset_lock(&drm->mode_config.connection_mutex, ctx); =2E.. +vc4_hdmi =3D connector_to_vc4_hdmi(connector); if (!vc4_hdmi_supports_scrambling(vc4_hdmi)) =2E.. Changing the prototype of vc4_hdmi_supports_scrambling to take a struct vc4_hdmi pointer would also help, it's much more convenient. Maxime