Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1036132rwb;
        Wed, 7 Dec 2022 07:57:02 -0800 (PST)
X-Google-Smtp-Source: AA0mqf5PaejXzJ1IepreEI0Q7vYjA5JaCjo4mQWRKWhpiX/KyrEayljlZLMQ74RsENOlai2zn8vw
X-Received: by 2002:a17:906:77c9:b0:7c0:dcc3:f9f9 with SMTP id m9-20020a17090677c900b007c0dcc3f9f9mr15290557ejn.747.1670428622683;
        Wed, 07 Dec 2022 07:57:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1670428622; cv=none;
        d=google.com; s=arc-20160816;
        b=zSQAomWdm6whPjHIuiQfaqbDlzmL/qoF+DCB6JKGTjIQABqIdcpvw1ZiTNElUNkoZd
         eIAKKlbJfuVS9v5jvPixwMyz7hsa/SOnGoLlT8nveIit2oYaR1BpQvoGKBTTCC9De9UR
         OszsQQK1r3M9s4jMlgnWG5f32eS0HH5N5cMQslAK0xIlksE6HThdOqoGO2GgxrNcNF8v
         dR/5YjeAmgYwkB618S1xNpBXE0VhDsOH06eYLA/10m7rdbh3H0zl5x7csCGKfz5GnKb9
         hkjfX35mhaPCbWkKWNCuOMTYkjWuPqpwyuAY6l0A/0qXJ592o2ONaUwHL5xJxTis4eWE
         nDFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=v2vuGDqCagsmSFrehltyZLF1FH5z24OpM3RXz/yn2jc=;
        b=Hlrh1wgKGXMcdahP1dgYTZr0yFIPC6lid8V/py+nC1EPJbBT7fk0DbadEfs1RCXXn5
         vbYiuXo81q+6roM3z7I5gDa1FQpEiG65H1oOgERMIx4ZiN5s3HVplgRJuOhfEM3UwGKJ
         TfPLqvA8lY2j0cQmpDMCHGCdXY8sXolsePrqivhICjR9PHRfMznWsa5syCdKSsU2cwDi
         ohE6+cI1WwpDIge6XFDAf8DHcHOSzNlI+zG1C1Fs3xNyB38mqJqVsbLPkQr1KeOBqaMz
         ZA3UK2CUo1c9f/MWm8Elu6ClDFCEa2Pc77OD0IHEHzHQtppvWV8HjYLds9kHBUnVQ3Bw
         hkUg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ds15-20020a170907724f00b007ae165c79c8si18138253ejc.940.2022.12.07.07.56.42;
        Wed, 07 Dec 2022 07:57:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229788AbiLGPaD (ORCPT <rfc822;2014014876lha@gmail.com>
        + 76 others); Wed, 7 Dec 2022 10:30:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38364 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229671AbiLGPaA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 7 Dec 2022 10:30:00 -0500
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id F3166442E6
        for <linux-kernel@vger.kernel.org>; Wed,  7 Dec 2022 07:29:58 -0800 (PST)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5993ED6E
        for <linux-kernel@vger.kernel.org>; Wed,  7 Dec 2022 07:30:05 -0800 (PST)
Received: from e110455-lin.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 62DEE3F73B
        for <linux-kernel@vger.kernel.org>; Wed,  7 Dec 2022 07:29:58 -0800 (PST)
Date:   Wed, 7 Dec 2022 15:29:48 +0000
From:   Liviu Dudau <liviu.dudau@arm.com>
To:     Robin Murphy <robin.murphy@arm.com>
Cc:     Jiasheng Jiang <jiasheng@iscas.ac.cn>, brian.starkey@arm.com,
        airlied@gmail.com, daniel@ffwll.ch, linux-kernel@vger.kernel.org,
        dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] drm: mali-dp: Add check for kzalloc
Message-ID: <Y5CxbDENPVbyqM6C@e110455-lin.cambridge.arm.com>
References: <20221207092118.20603-1-jiasheng@iscas.ac.cn>
 <17efaae0-9b6c-86ea-5fec-568d024d229f@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <17efaae0-9b6c-86ea-5fec-568d024d229f@arm.com>
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 07, 2022 at 01:59:04PM +0000, Robin Murphy wrote:
> On 2022-12-07 09:21, Jiasheng Jiang wrote:
> > As kzalloc may fail and return NULL pointer, it should be better to check
> > the return value in order to avoid the NULL pointer dereference in
> > __drm_atomic_helper_connector_reset.
> 
> This commit message is nonsense; if __drm_atomic_helper_connector_reset()
> would dereference the NULL implied by &mw_state->base, it would equally
> still dereference the explicit NULL pointer passed after this patch.

Where?

> 
> The current code works out OK because "base" is the first member of struct
> malidp_mw_connector_state, thus if mw_state is NULL then &mw_state->base ==
> NULL + 0 == NULL. Now you *could* argue that this isn't robust if the layout
> of struct malidp_mw_connector_state ever changes, and that could be a valid
> justification for making this change, but the reason given certainly isn't.

I appreciate the input and I agree with your analysis, however I don't have the same
confidence that compilers will always do the NULL + 0 math to get address of base.
Would this always work when you have authenticated pointers or is the compiler going
to generate some plumbing code that checks the pointer before doing the math?

> 
> Arithmetic on a (potentially) NULL pointer may well be a sign that it's
> worth a closer look to check whether it really is what the code intended to
> do, but don't automatically assume it has to be a bug. Otherwise, good luck
> with "fixing" every user of container_of() throughout the entire kernel.

My understanding is that you're supposed to use container_of() only when you're sure
that your pointer is valid. container_of_safe() seems to be the one to use when you
don't care about NULL pointers.

Best regards,
Liviu

> 
> Thanks,
> Robin.
> 
> > Fixes: 8cbc5caf36ef ("drm: mali-dp: Add writeback connector")
> > Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> > ---
> >   drivers/gpu/drm/arm/malidp_mw.c | 6 +++++-
> >   1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/gpu/drm/arm/malidp_mw.c b/drivers/gpu/drm/arm/malidp_mw.c
> > index ef76d0e6ee2f..fe4474c2ddcf 100644
> > --- a/drivers/gpu/drm/arm/malidp_mw.c
> > +++ b/drivers/gpu/drm/arm/malidp_mw.c
> > @@ -72,7 +72,11 @@ static void malidp_mw_connector_reset(struct drm_connector *connector)
> >   		__drm_atomic_helper_connector_destroy_state(connector->state);
> >   	kfree(connector->state);
> > -	__drm_atomic_helper_connector_reset(connector, &mw_state->base);
> > +
> > +	if (mw_state)
> > +		__drm_atomic_helper_connector_reset(connector, &mw_state->base);
> > +	else
> > +		__drm_atomic_helper_connector_reset(connector, NULL);
> >   }
> >   static enum drm_connector_status

-- 
====================
| I would like to |
| fix the world,  |
| but they're not |
| giving me the   |
 \ source code!  /
  ---------------
    ¯\_(ツ)_/¯