From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Gustavo A. R. Silva" Subject: [PATCH] drm/msm/adreno/a5xx_debugfs: fix potential NULL pointer dereference Date: Fri, 2 Feb 2018 06:32:23 -0600 Message-ID: <20180202123223.GA4410@embeddedor.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org To: Rob Clark , David Airlie Cc: linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org, freedreno@lists.freedesktop.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" List-Id: linux-arm-msm@vger.kernel.org _minor_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _minor_ has been null checked. Fixes: 024ad8df763f ("drm/msm: add a5xx specific debugfs") Signed-off-by: Gustavo A. R. Silva --- I wonder if a better solution for this would be to WARN_ON in case _minor_ happens to be NULL and return -EINVAL, instead of just returning zero. Something like: struct drm_device *dev; if (WARN_ON(!minor) return -EINVAL; dev = minor->dev; What do you think? Thanks drivers/gpu/drm/msm/adreno/a5xx_debugfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c b/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c index 6b27941..059ec7d 100644 --- a/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c +++ b/drivers/gpu/drm/msm/adreno/a5xx_debugfs.c @@ -159,13 +159,15 @@ DEFINE_SIMPLE_ATTRIBUTE(reset_fops, NULL, reset_set, "%llx\n"); int a5xx_debugfs_init(struct msm_gpu *gpu, struct drm_minor *minor) { - struct drm_device *dev = minor->dev; + struct drm_device *dev; struct dentry *ent; int ret; if (!minor) return 0; + dev = minor->dev; + ret = drm_debugfs_create_files(a5xx_debugfs_list, ARRAY_SIZE(a5xx_debugfs_list), minor->debugfs_root, minor); -- 2.7.4