[PATCH -next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang

public inbox for intel-gfx@lists.freedesktop.org
 help / color / mirror / Atom feed

* [PATCH -next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang_stats()
@ 2013-06-20  0:01 Wei Yongjun
  2013-07-11 18:23 ` Damien Lespiau
  0 siblings, 1 reply; 4+ messages in thread
From: Wei Yongjun @ 2013-06-20  0:01 UTC (permalink / raw)
  To: daniel.vetter, airlied; +Cc: yongjun_wei, intel-gfx, dri-devel, linux-kernel

From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>

The dereference should be moved below the NULL test.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
---
 drivers/gpu/drm/i915/i915_gem_context.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
index ff47145..f32107e 100644
--- a/drivers/gpu/drm/i915/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/i915_gem_context.c
@@ -309,7 +309,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
 				u32 id)
 {
 	struct drm_i915_private *dev_priv = ring->dev->dev_private;
-	struct drm_i915_file_private *file_priv = file->driver_priv;
+	struct drm_i915_file_private *file_priv;
 	struct i915_hw_context *to;
 
 	if (dev_priv->hw_contexts_disabled)
@@ -321,6 +321,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
 	if (file == NULL)
 		return ERR_PTR(-EINVAL);
 
+	file_priv = file->driver_priv;
 	if (id == DEFAULT_CONTEXT_ID)
 		return &file_priv->hang_stats;
 

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH -next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang_stats()
  2013-06-20  0:01 [PATCH -next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang_stats() Wei Yongjun
@ 2013-07-11 18:23 ` Damien Lespiau
  2013-07-11 18:31   ` [PATCH] drm/i915: Don't check if a drm_file * is NULL in the ioctl code path Damien Lespiau
  0 siblings, 1 reply; 4+ messages in thread
From: Damien Lespiau @ 2013-07-11 18:23 UTC (permalink / raw)
  To: Wei Yongjun; +Cc: yongjun_wei, intel-gfx

On Thu, Jun 20, 2013 at 08:01:47AM +0800, Wei Yongjun wrote:
> From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> 
> The dereference should be moved below the NULL test.
> 
> Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> ---
>  drivers/gpu/drm/i915/i915_gem_context.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
> index ff47145..f32107e 100644
> --- a/drivers/gpu/drm/i915/i915_gem_context.c
> +++ b/drivers/gpu/drm/i915/i915_gem_context.c
> @@ -309,7 +309,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  				u32 id)
>  {
>  	struct drm_i915_private *dev_priv = ring->dev->dev_private;
> -	struct drm_i915_file_private *file_priv = file->driver_priv;
> +	struct drm_i915_file_private *file_priv;
>  	struct i915_hw_context *to;
>  
>  	if (dev_priv->hw_contexts_disabled)
> @@ -321,6 +321,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  	if (file == NULL)
>  		return ERR_PTR(-EINVAL);
>  
> +	file_priv = file->driver_priv;
>  	if (id == DEFAULT_CONTEXT_ID)
>  		return &file_priv->hang_stats;

I think we could just not check for file == NULL here as it comes
directly from the ioctl() through i915_gem_execbuffer().

Patch coming...

-- 
Damien

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] drm/i915: Don't check if a drm_file * is NULL in the ioctl code path
  2013-07-11 18:23 ` Damien Lespiau
@ 2013-07-11 18:31   ` Damien Lespiau
  2013-07-11 21:11     ` Chris Wilson
  0 siblings, 1 reply; 4+ messages in thread
From: Damien Lespiau @ 2013-07-11 18:31 UTC (permalink / raw)
  To: intel-gfx; +Cc: yongjun_wei

Right now code checkers point out that we try to dereference file before
testing it for NULL.

This check doesn't seem necessary as file needs to be valid for the
ioctl() code to run.

Signed-off-by: Damien Lespiau <damien.lespiau@intel.com>
---
 drivers/gpu/drm/i915/i915_gem_context.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
index ff47145..6573e47 100644
--- a/drivers/gpu/drm/i915/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/i915_gem_context.c
@@ -318,9 +318,6 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
 	if (ring->id != RCS)
 		return ERR_PTR(-EINVAL);
 
-	if (file == NULL)
-		return ERR_PTR(-EINVAL);
-
 	if (id == DEFAULT_CONTEXT_ID)
 		return &file_priv->hang_stats;
 
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] drm/i915: Don't check if a drm_file * is NULL in the ioctl code path
  2013-07-11 18:31   ` [PATCH] drm/i915: Don't check if a drm_file * is NULL in the ioctl code path Damien Lespiau
@ 2013-07-11 21:11     ` Chris Wilson
  0 siblings, 0 replies; 4+ messages in thread
From: Chris Wilson @ 2013-07-11 21:11 UTC (permalink / raw)
  To: Damien Lespiau; +Cc: intel-gfx, yongjun_wei

On Thu, Jul 11, 2013 at 07:31:34PM +0100, Damien Lespiau wrote:
> Right now code checkers point out that we try to dereference file before
> testing it for NULL.
> 
> This check doesn't seem necessary as file needs to be valid for the
> ioctl() code to run.

This whole function was a copy'n'paste mistake with a rewrite on the
mailing list.
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-07-11 21:11 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-20  0:01 [PATCH -next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang_stats() Wei Yongjun
2013-07-11 18:23 ` Damien Lespiau
2013-07-11 18:31   ` [PATCH] drm/i915: Don't check if a drm_file * is NULL in the ioctl code path Damien Lespiau
2013-07-11 21:11     ` Chris Wilson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox