[drm-next] drm/amd/display: fix a potential null pointer dereference

Submitted by Colin King on Aug. 16, 2019, 10:10 p.m.

Details

Message ID 20190816221011.10750-1-colin.king@canonical.com
State New
Headers show
Series "drm/amd/display: fix a potential null pointer dereference" ( rev: 1 ) in DRI devel

Not browsing as part of any series.

Commit Message

Colin King Aug. 16, 2019, 10:10 p.m.
From: Colin Ian King <colin.king@canonical.com>

Currently the pointer init_data is dereferenced on the assignment
of fw_info before init_data is sanity checked to see if it is null.
Fix te potential null pointer dereference on init_data by only
performing dereference after it is null checked.

Addresses-Coverity: ("Dereference before null check")
Fixes: 9adc8050bf3c ("drm/amd/display: make firmware info only load once during dc_bios create")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
index bee81bf288be..926954c804a6 100644
--- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
@@ -1235,7 +1235,7 @@  static bool calc_pll_max_vco_construct(
 			struct calc_pll_clock_source_init_data *init_data)
 {
 	uint32_t i;
-	struct dc_firmware_info *fw_info = &init_data->bp->fw_info;
+	struct dc_firmware_info *fw_info;
 	if (calc_pll_cs == NULL ||
 			init_data == NULL ||
 			init_data->bp == NULL)
@@ -1244,6 +1244,7 @@  static bool calc_pll_max_vco_construct(
 	if (init_data->bp->fw_info_valid)
 		return false;
 
+	fw_info = &init_data->bp->fw_info;
 	calc_pll_cs->ctx = init_data->ctx;
 	calc_pll_cs->ref_freq_khz = fw_info->pll_info.crystal_frequency;
 	calc_pll_cs->min_vco_khz =

Comments

On Fri, Aug 16, 2019 at 11:10:11PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> Currently the pointer init_data is dereferenced on the assignment
> of fw_info before init_data is sanity checked to see if it is null.
> Fix te potential null pointer dereference on init_data by only
> performing dereference after it is null checked.
> 
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 9adc8050bf3c ("drm/amd/display: make firmware info only load once during dc_bios create")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> index bee81bf288be..926954c804a6 100644
> --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> @@ -1235,7 +1235,7 @@ static bool calc_pll_max_vco_construct(
>  			struct calc_pll_clock_source_init_data *init_data)
>  {
>  	uint32_t i;
> -	struct dc_firmware_info *fw_info = &init_data->bp->fw_info;
> +	struct dc_firmware_info *fw_info;
>  	if (calc_pll_cs == NULL ||
>  			init_data == NULL ||
>  			init_data->bp == NULL)

init_data can't be NULL.  I'm mostly pointing this out because that NULL
check is written so higgledy-piggledy.  At first I thought this was
staging code so I was planning to ignore the patch.  :P

regards,
dan carpenter
On 2019-08-16 6:10 p.m., Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>

> 

> Currently the pointer init_data is dereferenced on the assignment

> of fw_info before init_data is sanity checked to see if it is null.

> Fix te potential null pointer dereference on init_data by only

> performing dereference after it is null checked.

> 

> Addresses-Coverity: ("Dereference before null check")

> Fixes: 9adc8050bf3c ("drm/amd/display: make firmware info only load once during dc_bios create")

> Signed-off-by: Colin Ian King <colin.king@canonical.com>


Reviewed-by: Harry Wentland <harry.wentland@amd.com>


Harry

> ---

>  drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

> 

> diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c

> index bee81bf288be..926954c804a6 100644

> --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c

> +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c

> @@ -1235,7 +1235,7 @@ static bool calc_pll_max_vco_construct(

>  			struct calc_pll_clock_source_init_data *init_data)

>  {

>  	uint32_t i;

> -	struct dc_firmware_info *fw_info = &init_data->bp->fw_info;

> +	struct dc_firmware_info *fw_info;

>  	if (calc_pll_cs == NULL ||

>  			init_data == NULL ||

>  			init_data->bp == NULL)

> @@ -1244,6 +1244,7 @@ static bool calc_pll_max_vco_construct(

>  	if (init_data->bp->fw_info_valid)

>  		return false;

>  

> +	fw_info = &init_data->bp->fw_info;

>  	calc_pll_cs->ctx = init_data->ctx;

>  	calc_pll_cs->ref_freq_khz = fw_info->pll_info.crystal_frequency;

>  	calc_pll_cs->min_vco_khz =

>
On Thu, Aug 22, 2019 at 3:21 PM Harry Wentland <hwentlan@amd.com> wrote:
>
> On 2019-08-16 6:10 p.m., Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > Currently the pointer init_data is dereferenced on the assignment
> > of fw_info before init_data is sanity checked to see if it is null.
> > Fix te potential null pointer dereference on init_data by only
> > performing dereference after it is null checked.
> >
> > Addresses-Coverity: ("Dereference before null check")
> > Fixes: 9adc8050bf3c ("drm/amd/display: make firmware info only load once during dc_bios create")
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
>
> Reviewed-by: Harry Wentland <harry.wentland@amd.com>
>

Applied.  Thanks!

Alex

> Harry
>
> > ---
> >  drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> > index bee81bf288be..926954c804a6 100644
> > --- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> > +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
> > @@ -1235,7 +1235,7 @@ static bool calc_pll_max_vco_construct(
> >                       struct calc_pll_clock_source_init_data *init_data)
> >  {
> >       uint32_t i;
> > -     struct dc_firmware_info *fw_info = &init_data->bp->fw_info;
> > +     struct dc_firmware_info *fw_info;
> >       if (calc_pll_cs == NULL ||
> >                       init_data == NULL ||
> >                       init_data->bp == NULL)
> > @@ -1244,6 +1244,7 @@ static bool calc_pll_max_vco_construct(
> >       if (init_data->bp->fw_info_valid)
> >               return false;
> >
> > +     fw_info = &init_data->bp->fw_info;
> >       calc_pll_cs->ctx = init_data->ctx;
> >       calc_pll_cs->ref_freq_khz = fw_info->pll_info.crystal_frequency;
> >       calc_pll_cs->min_vco_khz =
> >
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx