* [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported
@ 2024-10-31 15:28 Antonio Quartulli
2024-10-31 15:48 ` Markus Elfring
2024-10-31 19:37 ` Mario Limonciello
0 siblings, 2 replies; 5+ messages in thread
From: Antonio Quartulli @ 2024-10-31 15:28 UTC (permalink / raw)
To: alexander.deucher, christian.koenig, Xinhui.Pan,
mario.limonciello
Cc: amd-gfx, dri-devel, linux-kernel, Antonio Quartulli
acpi_evaluate_object() may return AE_NOT_FOUND (failure), which
would result in dereferencing buffer.pointer (obj) while being NULL.
Although this case may be unrealistic for the current code, it is
still better to protect against possible bugs.
Bail out also when status is AE_NOT_FOUND.
This fixes 1 FORWARD_NULL issue reported by Coverity
Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
index cce85389427f..b8d4e07d2043 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
@@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct amdgpu_atif *atif,
&buffer);
obj = (union acpi_object *)buffer.pointer;
- /* Fail if calling the method fails and ATIF is supported */
- if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
+ /* Fail if calling the method fails */
+ if (ACPI_FAILURE(status)) {
DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n",
acpi_format_exception(status));
kfree(obj);
--
2.45.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported
2024-10-31 15:28 [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported Antonio Quartulli
@ 2024-10-31 15:48 ` Markus Elfring
2024-10-31 19:37 ` Mario Limonciello
1 sibling, 0 replies; 5+ messages in thread
From: Markus Elfring @ 2024-10-31 15:48 UTC (permalink / raw)
To: Antonio Quartulli, amd-gfx, dri-devel, Alex Deucher,
Christian König, Mario Limonciello, Xinhui Pan
Cc: LKML
…
> Although this case may be unrealistic for the current code, it is
> still better to protect against possible bugs.
>
> Bail out also when status is AE_NOT_FOUND.
…
How do you think about to add any tags (like “Fixes” and “Cc”) accordingly?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.12-rc5#n145
Regards,
Markus
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported
2024-10-31 15:28 [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported Antonio Quartulli
2024-10-31 15:48 ` Markus Elfring
@ 2024-10-31 19:37 ` Mario Limonciello
2024-10-31 20:50 ` Antonio Quartulli
1 sibling, 1 reply; 5+ messages in thread
From: Mario Limonciello @ 2024-10-31 19:37 UTC (permalink / raw)
To: Antonio Quartulli, alexander.deucher, christian.koenig,
Xinhui.Pan
Cc: amd-gfx, dri-devel, linux-kernel
On 10/31/2024 10:28, Antonio Quartulli wrote:
> acpi_evaluate_object() may return AE_NOT_FOUND (failure), which
> would result in dereferencing buffer.pointer (obj) while being NULL.
>
> Although this case may be unrealistic for the current code, it is
> still better to protect against possible bugs.
>
> Bail out also when status is AE_NOT_FOUND.
>
> This fixes 1 FORWARD_NULL issue reported by Coverity
> Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)
>
> Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Can you please dig up the right Fixes: tag?
Besides that, LGTM.
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
> index cce85389427f..b8d4e07d2043 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
> @@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct amdgpu_atif *atif,
> &buffer);
> obj = (union acpi_object *)buffer.pointer;
>
> - /* Fail if calling the method fails and ATIF is supported */
> - if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
> + /* Fail if calling the method fails */
> + if (ACPI_FAILURE(status)) {
> DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n",
> acpi_format_exception(status));
> kfree(obj);
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported
2024-10-31 19:37 ` Mario Limonciello
@ 2024-10-31 20:50 ` Antonio Quartulli
2024-11-01 16:22 ` Mario Limonciello
0 siblings, 1 reply; 5+ messages in thread
From: Antonio Quartulli @ 2024-10-31 20:50 UTC (permalink / raw)
To: Mario Limonciello
Cc: Xinhui.Pan, alexander.deucher, christian.koenig, amd-gfx,
dri-devel, linux-kernel
On 31/10/2024 20:37, Mario Limonciello wrote:
> On 10/31/2024 10:28, Antonio Quartulli wrote:
>> acpi_evaluate_object() may return AE_NOT_FOUND (failure), which
>> would result in dereferencing buffer.pointer (obj) while being NULL.
>>
>> Although this case may be unrealistic for the current code, it is
>> still better to protect against possible bugs.
>>
>> Bail out also when status is AE_NOT_FOUND.
>>
>> This fixes 1 FORWARD_NULL issue reported by Coverity
>> Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)
>>
>> Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
>
> Can you please dig up the right Fixes: tag?
Fixes: c9b7c809b89f ("drm/amd: Guard against bad data for ATIF ACPI method")
Your commit :)
Should I send v3 with the Fixes tag in it?
Interestingly, this pattern of checking for AE_NOT_FOUND is shared by
other functions, however, they don't try to dereference the pointer to
the buffer before the return statement (which caused the Coverity report).
It's the caller that checks if the return value is NULL or not.
For this function it was the same, until you added this extra check on
obj->type, without checking if obj was NULL or not.
If we want to keep the original pattern and continue checking for
AE_NOT_FOUND, we could rather do:
- if (obj->type != ACPI_TYPE_BUFFER) {
+ if (obj && obj->type != ACPI_TYPE_BUFFER) {
But this feel more like "bike shed color picking" than anything else :)
Anyway, up to you Mario, I am open to change the patch again if the
latter pattern is more preferable.
Regards,
>
> Besides that, LGTM.
>
> Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
>
>> ---
>> drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/
>> drm/amd/amdgpu/amdgpu_acpi.c
>> index cce85389427f..b8d4e07d2043 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
>> @@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct
>> amdgpu_atif *atif,
>> &buffer);
>> obj = (union acpi_object *)buffer.pointer;
>> - /* Fail if calling the method fails and ATIF is supported */
>> - if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
>> + /* Fail if calling the method fails */
>> + if (ACPI_FAILURE(status)) {
>> DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n",
>> acpi_format_exception(status));
>> kfree(obj);
>
--
Antonio Quartulli
CEO and Co-Founder
Mandelbit Srl
https://www.mandelbit.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported
2024-10-31 20:50 ` Antonio Quartulli
@ 2024-11-01 16:22 ` Mario Limonciello
0 siblings, 0 replies; 5+ messages in thread
From: Mario Limonciello @ 2024-11-01 16:22 UTC (permalink / raw)
To: Antonio Quartulli
Cc: Xinhui.Pan, alexander.deucher, christian.koenig, amd-gfx,
dri-devel, linux-kernel
On 10/31/2024 15:50, Antonio Quartulli wrote:
> On 31/10/2024 20:37, Mario Limonciello wrote:
>> On 10/31/2024 10:28, Antonio Quartulli wrote:
>>> acpi_evaluate_object() may return AE_NOT_FOUND (failure), which
>>> would result in dereferencing buffer.pointer (obj) while being NULL.
>>>
>>> Although this case may be unrealistic for the current code, it is
>>> still better to protect against possible bugs.
>>>
>>> Bail out also when status is AE_NOT_FOUND.
>>>
>>> This fixes 1 FORWARD_NULL issue reported by Coverity
>>> Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)
>>>
>>> Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
>>
>> Can you please dig up the right Fixes: tag?
>
> Fixes: c9b7c809b89f ("drm/amd: Guard against bad data for ATIF ACPI
> method")
>
> Your commit :)
>
> Should I send v3 with the Fixes tag in it?
Don't worry about it, I'll pick it up while we commit it.
Thanks!
>
> Interestingly, this pattern of checking for AE_NOT_FOUND is shared by
> other functions, however, they don't try to dereference the pointer to
> the buffer before the return statement (which caused the Coverity report).
> It's the caller that checks if the return value is NULL or not.
>
> For this function it was the same, until you added this extra check on
> obj->type, without checking if obj was NULL or not.
>
> If we want to keep the original pattern and continue checking for
> AE_NOT_FOUND, we could rather do:
>
> - if (obj->type != ACPI_TYPE_BUFFER) {
> + if (obj && obj->type != ACPI_TYPE_BUFFER) {
>
> But this feel more like "bike shed color picking" than anything else :)
> Anyway, up to you Mario, I am open to change the patch again if the
> latter pattern is more preferable.
>
> Regards,
>
>>
>> Besides that, LGTM.
>>
>> Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
>>
>>> ---
>>> drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/
>>> drm/amd/amdgpu/amdgpu_acpi.c
>>> index cce85389427f..b8d4e07d2043 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
>>> @@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct
>>> amdgpu_atif *atif,
>>> &buffer);
>>> obj = (union acpi_object *)buffer.pointer;
>>> - /* Fail if calling the method fails and ATIF is supported */
>>> - if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
>>> + /* Fail if calling the method fails */
>>> + if (ACPI_FAILURE(status)) {
>>> DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n",
>>> acpi_format_exception(status));
>>> kfree(obj);
>>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-11-01 16:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-31 15:28 [PATCH v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported Antonio Quartulli
2024-10-31 15:48 ` Markus Elfring
2024-10-31 19:37 ` Mario Limonciello
2024-10-31 20:50 ` Antonio Quartulli
2024-11-01 16:22 ` Mario Limonciello
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox