From mboxrd@z Thu Jan  1 00:00:00 1970
From: Damien Lespiau <damien.lespiau@intel.com>
Subject: Re: [PATCH -next] drm/i915: fix potential NULL pointer
 dereference in i915_gem_context_get_hang_stats()
Date: Thu, 11 Jul 2013 19:23:36 +0100
Message-ID: <20130711182335.GD20291@strange.amr.corp.intel.com>
References: <CAPgLHd81aZqECw1TrnVUF5iDLVw1-NQQvC43dw8v1bsTzYBQ0w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <intel-gfx-bounces+gcfxdi-intel-gfx=m.gmane.org@lists.freedesktop.org>
Received: from mga03.intel.com (mga03.intel.com [143.182.124.21])
	by gabe.freedesktop.org (Postfix) with ESMTP id BD202E64FD
	for <intel-gfx@lists.freedesktop.org>;
	Thu, 11 Jul 2013 11:23:38 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <CAPgLHd81aZqECw1TrnVUF5iDLVw1-NQQvC43dw8v1bsTzYBQ0w@mail.gmail.com>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Sender: intel-gfx-bounces+gcfxdi-intel-gfx=m.gmane.org@lists.freedesktop.org
Errors-To: intel-gfx-bounces+gcfxdi-intel-gfx=m.gmane.org@lists.freedesktop.org
To: Wei Yongjun <weiyj.lk@gmail.com>
Cc: yongjun_wei@trendmicro.com.cn, intel-gfx@lists.freedesktop.org
List-Id: intel-gfx@lists.freedesktop.org

On Thu, Jun 20, 2013 at 08:01:47AM +0800, Wei Yongjun wrote:
> From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> 
> The dereference should be moved below the NULL test.
> 
> Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> ---
>  drivers/gpu/drm/i915/i915_gem_context.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
> index ff47145..f32107e 100644
> --- a/drivers/gpu/drm/i915/i915_gem_context.c
> +++ b/drivers/gpu/drm/i915/i915_gem_context.c
> @@ -309,7 +309,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  				u32 id)
>  {
>  	struct drm_i915_private *dev_priv = ring->dev->dev_private;
> -	struct drm_i915_file_private *file_priv = file->driver_priv;
> +	struct drm_i915_file_private *file_priv;
>  	struct i915_hw_context *to;
>  
>  	if (dev_priv->hw_contexts_disabled)
> @@ -321,6 +321,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  	if (file == NULL)
>  		return ERR_PTR(-EINVAL);
>  
> +	file_priv = file->driver_priv;
>  	if (id == DEFAULT_CONTEXT_ID)
>  		return &file_priv->hang_stats;

I think we could just not check for file == NULL here as it comes
directly from the ioctl() through i915_gem_execbuffer().

Patch coming...

-- 
Damien