From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78697C2BC11 for ; Fri, 11 Sep 2020 09:50:04 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0E6BB206F4 for ; Fri, 11 Sep 2020 09:50:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0E6BB206F4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id B0EF96E99F; Fri, 11 Sep 2020 09:49:37 +0000 (UTC) Received: from huawei.com (szxga07-in.huawei.com [45.249.212.35]) by gabe.freedesktop.org (Postfix) with ESMTPS id C66D16E038 for ; Thu, 10 Sep 2020 12:35:25 +0000 (UTC) Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 135462F4C83CA4C34600; Thu, 10 Sep 2020 20:35:18 +0800 (CST) Received: from [10.174.178.248] (10.174.178.248) by smtp.huawei.com (10.3.19.212) with Microsoft SMTP Server (TLS) id 14.3.487.0; Thu, 10 Sep 2020 20:35:13 +0800 Subject: Re: [PATCH] drm/mm: prevent a potential null-pointer dereference To: =?UTF-8?Q?Christian_K=c3=b6nig?= , , , , , , References: <20200910023858.43759-1-jingxiangfeng@huawei.com> From: Jing Xiangfeng Message-ID: <5F5A1D80.2060902@huawei.com> Date: Thu, 10 Sep 2020 20:35:12 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: X-Originating-IP: [10.174.178.248] X-CFilter-Loop: Reflected X-Mailman-Approved-At: Fri, 11 Sep 2020 09:49:36 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" CgpPbiAyMDIwLzkvMTAgMTY6NTgsIENocmlzdGlhbiBLw7ZuaWcgd3JvdGU6Cj4gQW0gMTAuMDku MjAgdW0gMDQ6Mzggc2NocmllYiBKaW5nIFhpYW5nZmVuZzoKPj4gVGhlIG1hY3JvICdERUNMQVJF X05FWFRfSE9MRV9BRERSJyBtYXkgaGl0IGEgcG90ZW50aWFsIG51bGwtcG9pbnRlcgo+PiBkZXJl ZmVyZW5jZS4gU28gdXNlICdlbnRyeScgYWZ0ZXIgY2hlY2tpbmcgaXQuCj4KPiBJIGRvbid0IHNl ZSBhIHBvdGVudGlhbCBudWxsLXBvaW50ZXIgZGVyZWZlcmVuY2UgaGVyZS4KPgo+IFdoZXJlIHNo b3VsZCB0aGF0IGJlPwoKSW4gY3VycmVudCBjb2Rl77yMdGhlICJlbnRyeSIgcG9pbnRlciBpcyBj aGVja2VkIGFmdGVyIGVudHJ5LT5yYl9ob2xlX2FkZHIuCglUaGFua3MKPgo+IENocmlzdGlhbi4K Pgo+Pgo+PiBGaXhlczogNWZhZDc5ZmQ2NmZmICgiZHJtL21tOiBjbGVhbnVwIGFuZCBpbXByb3Zl IG5leHRfaG9sZV8qX2FkZHIoKSIpCj4+IFNpZ25lZC1vZmYtYnk6IEppbmcgWGlhbmdmZW5nIDxq aW5neGlhbmdmZW5nQGh1YXdlaS5jb20+Cj4+IC0tLQo+PiAgIGRyaXZlcnMvZ3B1L2RybS9kcm1f bW0uYyB8IDcgKysrKystLQo+PiAgIDEgZmlsZSBjaGFuZ2VkLCA1IGluc2VydGlvbnMoKyksIDIg ZGVsZXRpb25zKC0pCj4+Cj4+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vZHJtX21tLmMg Yi9kcml2ZXJzL2dwdS9kcm0vZHJtX21tLmMKPj4gaW5kZXggYTRhMDRkMjQ2MTM1Li42ZmNmNzBm NzE5NjIgMTAwNjQ0Cj4+IC0tLSBhL2RyaXZlcnMvZ3B1L2RybS9kcm1fbW0uYwo+PiArKysgYi9k cml2ZXJzL2dwdS9kcm0vZHJtX21tLmMKPj4gQEAgLTM5MiwxMSArMzkyLDE0IEBAIGZpcnN0X2hv bGUoc3RydWN0IGRybV9tbSAqbW0sCj4+ICAgI2RlZmluZSBERUNMQVJFX05FWFRfSE9MRV9BRERS KG5hbWUsIGZpcnN0LCBsYXN0KSAgICAgICAgICAgIFwKPj4gICBzdGF0aWMgc3RydWN0IGRybV9t bV9ub2RlICpuYW1lKHN0cnVjdCBkcm1fbW1fbm9kZSAqZW50cnksIHU2NAo+PiBzaXplKSAgICBc Cj4+ICAgeyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKPj4gLSAgICBzdHJ1 Y3QgcmJfbm9kZSAqcGFyZW50LCAqbm9kZSA9ICZlbnRyeS0+cmJfaG9sZV9hZGRyOyAgICAgICAg XAo+PiArICAgIHN0cnVjdCByYl9ub2RlICpwYXJlbnQsICpub2RlOyAgICAgICAgICAgICAgICAg ICAgXAo+PiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKPj4gLSAgICBp ZiAoIWVudHJ5IHx8IFJCX0VNUFRZX05PREUobm9kZSkpICAgICAgICAgICAgICAgIFwKPj4gKyAg ICBpZiAoIWVudHJ5KSAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCj4+ICAgICAgICAgICBy ZXR1cm4gTlVMTDsgICAgICAgICAgICAgICAgICAgICAgICBcCj4+ICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgXAo+PiArICAgIG5vZGUgPSAmZW50cnktPnJiX2hvbGVfYWRk cjsgICAgICAgICAgICAgICAgICAgIFwKPj4gKyAgICBpZiAoUkJfRU1QVFlfTk9ERShub2RlKSkg ICAgICAgICAgICAgICAgICAgIFwKPj4gKyAgICAgICAgcmV0dXJuIE5VTEw7ICAgICAgICAgICAg ICAgICAgICAgICAgXAo+PiAgICAgICBpZiAodXNhYmxlX2hvbGVfYWRkcihub2RlLT5maXJzdCwg c2l6ZSkpIHsgICAgICAgICAgICBcCj4+ICAgICAgICAgICBub2RlID0gbm9kZS0+Zmlyc3Q7ICAg ICAgICAgICAgICAgICAgICBcCj4+ICAgICAgICAgICB3aGlsZSAodXNhYmxlX2hvbGVfYWRkcihu b2RlLT5sYXN0LCBzaXplKSkgICAgICAgIFwKPgo+IC4KPgpfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXwpkcmktZGV2ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZl bEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cHM6Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFp bG1hbi9saXN0aW5mby9kcmktZGV2ZWwK From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 630ADC433E2 for ; Thu, 10 Sep 2020 12:42:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0FB7020C09 for ; Thu, 10 Sep 2020 12:42:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728289AbgIJMm1 (ORCPT ); Thu, 10 Sep 2020 08:42:27 -0400 Received: from szxga07-in.huawei.com ([45.249.212.35]:35772 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1730770AbgIJMfv (ORCPT ); Thu, 10 Sep 2020 08:35:51 -0400 Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 135462F4C83CA4C34600; Thu, 10 Sep 2020 20:35:18 +0800 (CST) Received: from [10.174.178.248] (10.174.178.248) by smtp.huawei.com (10.3.19.212) with Microsoft SMTP Server (TLS) id 14.3.487.0; Thu, 10 Sep 2020 20:35:13 +0800 Subject: Re: [PATCH] drm/mm: prevent a potential null-pointer dereference To: =?UTF-8?Q?Christian_K=c3=b6nig?= , , , , , , References: <20200910023858.43759-1-jingxiangfeng@huawei.com> CC: , From: Jing Xiangfeng Message-ID: <5F5A1D80.2060902@huawei.com> Date: Thu, 10 Sep 2020 20:35:12 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.178.248] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/9/10 16:58, Christian König wrote: > Am 10.09.20 um 04:38 schrieb Jing Xiangfeng: >> The macro 'DECLARE_NEXT_HOLE_ADDR' may hit a potential null-pointer >> dereference. So use 'entry' after checking it. > > I don't see a potential null-pointer dereference here. > > Where should that be? In current code,the "entry" pointer is checked after entry->rb_hole_addr. Thanks > > Christian. > >> >> Fixes: 5fad79fd66ff ("drm/mm: cleanup and improve next_hole_*_addr()") >> Signed-off-by: Jing Xiangfeng >> --- >> drivers/gpu/drm/drm_mm.c | 7 +++++-- >> 1 file changed, 5 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c >> index a4a04d246135..6fcf70f71962 100644 >> --- a/drivers/gpu/drm/drm_mm.c >> +++ b/drivers/gpu/drm/drm_mm.c >> @@ -392,11 +392,14 @@ first_hole(struct drm_mm *mm, >> #define DECLARE_NEXT_HOLE_ADDR(name, first, last) \ >> static struct drm_mm_node *name(struct drm_mm_node *entry, u64 >> size) \ >> { \ >> - struct rb_node *parent, *node = &entry->rb_hole_addr; \ >> + struct rb_node *parent, *node; \ >> \ >> - if (!entry || RB_EMPTY_NODE(node)) \ >> + if (!entry) \ >> return NULL; \ >> \ >> + node = &entry->rb_hole_addr; \ >> + if (RB_EMPTY_NODE(node)) \ >> + return NULL; \ >> if (usable_hole_addr(node->first, size)) { \ >> node = node->first; \ >> while (usable_hole_addr(node->last, size)) \ > > . >