* [PATCH v2] drm/display: fix possible null-pointer dereference in dcn10_set_clock()
@ 2021-08-11 4:07 Tuo Li
2021-08-11 20:22 ` Alex Deucher
0 siblings, 1 reply; 2+ messages in thread
From: Tuo Li @ 2021-08-11 4:07 UTC (permalink / raw)
To: harry.wentland, sunpeng.li, alexander.deucher, christian.koenig,
Xinhui.Pan, airlied, daniel, Jun.Lei, Rodrigo.Siqueira, eryk.brol,
aric.cyr, vladimir.stempen, alvin.lee2, qingqing.zhuo,
isabel.zhang, sung.lee, Samson.Tam, paul.hsieh, wyatt.wood
Cc: amd-gfx, baijiaju1990, Tuo Li, TOTE Robot
The variable dc->clk_mgr is checked in:
if (dc->clk_mgr && dc->clk_mgr->funcs->get_clock)
This indicates dc->clk_mgr can be NULL.
However, it is dereferenced in:
if (!dc->clk_mgr->funcs->get_clock)
To fix this null-pointer dereference, check dc->clk_mgr and the function
pointer dc->clk_mgr->funcs->get_clock earlier, and return if one of them
is NULL.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
---
v2:
* Move the check of function pointer dc->clk_mgr->funcs->get_clock earlier
and return if it is NULL.
Thank Chen, Guchun for helpful advice.
---
.../gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index c545eddabdcc..03e1c643502e 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -3631,13 +3631,12 @@ enum dc_status dcn10_set_clock(struct dc *dc,
struct dc_clock_config clock_cfg = {0};
struct dc_clocks *current_clocks = &context->bw_ctx.bw.dcn.clk;
- if (dc->clk_mgr && dc->clk_mgr->funcs->get_clock)
- dc->clk_mgr->funcs->get_clock(dc->clk_mgr,
- context, clock_type, &clock_cfg);
-
- if (!dc->clk_mgr->funcs->get_clock)
+ if (!dc->clk_mgr || !dc->clk_mgr->funcs->get_clock)
return DC_FAIL_UNSUPPORTED_1;
+ dc->clk_mgr->funcs->get_clock(dc->clk_mgr,
+ context, clock_type, &clock_cfg);
+
if (clk_khz > clock_cfg.max_clock_khz)
return DC_FAIL_CLK_EXCEED_MAX;
@@ -3655,7 +3654,7 @@ enum dc_status dcn10_set_clock(struct dc *dc,
else
return DC_ERROR_UNEXPECTED;
- if (dc->clk_mgr && dc->clk_mgr->funcs->update_clocks)
+ if (dc->clk_mgr->funcs->update_clocks)
dc->clk_mgr->funcs->update_clocks(dc->clk_mgr,
context, true);
return DC_OK;
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] drm/display: fix possible null-pointer dereference in dcn10_set_clock()
2021-08-11 4:07 [PATCH v2] drm/display: fix possible null-pointer dereference in dcn10_set_clock() Tuo Li
@ 2021-08-11 20:22 ` Alex Deucher
0 siblings, 0 replies; 2+ messages in thread
From: Alex Deucher @ 2021-08-11 20:22 UTC (permalink / raw)
To: Tuo Li
Cc: Wentland, Harry, Leo (Sunpeng) Li, Deucher, Alexander,
Christian Koenig, xinhui pan, Dave Airlie, Daniel Vetter, Jun Lei,
Siqueira, Rodrigo, Eryk Brol, Cyr, Aric, Vladimir Stempen,
Alvin Lee, Qingqing Zhuo, Isabel Zhang, Sung Lee, Samson Tam,
Paul Hsieh, Wyatt Wood, amd-gfx list, Jia-Ju Bai, TOTE Robot
Applied. Thanks!
Alex
On Wed, Aug 11, 2021 at 9:46 AM Tuo Li <islituo@gmail.com> wrote:
>
> The variable dc->clk_mgr is checked in:
> if (dc->clk_mgr && dc->clk_mgr->funcs->get_clock)
>
> This indicates dc->clk_mgr can be NULL.
> However, it is dereferenced in:
> if (!dc->clk_mgr->funcs->get_clock)
>
> To fix this null-pointer dereference, check dc->clk_mgr and the function
> pointer dc->clk_mgr->funcs->get_clock earlier, and return if one of them
> is NULL.
>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Signed-off-by: Tuo Li <islituo@gmail.com>
> ---
> v2:
> * Move the check of function pointer dc->clk_mgr->funcs->get_clock earlier
> and return if it is NULL.
> Thank Chen, Guchun for helpful advice.
> ---
> .../gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
> index c545eddabdcc..03e1c643502e 100644
> --- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
> +++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
> @@ -3631,13 +3631,12 @@ enum dc_status dcn10_set_clock(struct dc *dc,
> struct dc_clock_config clock_cfg = {0};
> struct dc_clocks *current_clocks = &context->bw_ctx.bw.dcn.clk;
>
> - if (dc->clk_mgr && dc->clk_mgr->funcs->get_clock)
> - dc->clk_mgr->funcs->get_clock(dc->clk_mgr,
> - context, clock_type, &clock_cfg);
> -
> - if (!dc->clk_mgr->funcs->get_clock)
> + if (!dc->clk_mgr || !dc->clk_mgr->funcs->get_clock)
> return DC_FAIL_UNSUPPORTED_1;
>
> + dc->clk_mgr->funcs->get_clock(dc->clk_mgr,
> + context, clock_type, &clock_cfg);
> +
> if (clk_khz > clock_cfg.max_clock_khz)
> return DC_FAIL_CLK_EXCEED_MAX;
>
> @@ -3655,7 +3654,7 @@ enum dc_status dcn10_set_clock(struct dc *dc,
> else
> return DC_ERROR_UNEXPECTED;
>
> - if (dc->clk_mgr && dc->clk_mgr->funcs->update_clocks)
> + if (dc->clk_mgr->funcs->update_clocks)
> dc->clk_mgr->funcs->update_clocks(dc->clk_mgr,
> context, true);
> return DC_OK;
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-08-11 20:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-11 4:07 [PATCH v2] drm/display: fix possible null-pointer dereference in dcn10_set_clock() Tuo Li
2021-08-11 20:22 ` Alex Deucher
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.