[PATCH] drm/vc4: fix dereference before NULL check

Yu Liao posted 1 patch 3 years, 9 months ago
drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
[PATCH] drm/vc4: fix dereference before NULL check
Posted by Yu Liao 3 years, 9 months ago
The "perfmon" pointer is equal to the return value of idr_find
which may be NULL, and is accessed by vc4_perfmon_get before checking if
it was NULL. Fix this by dereferencing "perfmon" after "perfmon"
has been null checked.

Addresses-Coverity: ("Dereference before null check")
Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
---
 drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
index c7f5adb6bcf8..ca969b8c7dde 100644
--- a/drivers/gpu/drm/vc4/vc4_perfmon.c
+++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
@@ -17,13 +17,17 @@
 
 void vc4_perfmon_get(struct vc4_perfmon *perfmon)
 {
-	struct vc4_dev *vc4 = perfmon->dev;
+	struct vc4_dev *vc4;
+
+	if (!perfmon)
+		return;
+
+	vc4 = perfmon->dev;
 
 	if (WARN_ON_ONCE(vc4->is_vc5))
 		return;
 
-	if (perfmon)
-		refcount_inc(&perfmon->refcnt);
+	refcount_inc(&perfmon->refcnt);
 }
 
 void vc4_perfmon_put(struct vc4_perfmon *perfmon)
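Review bot: The new early return at the top of vc4_perfmon_get() makes a NULL perfmon a silent no-op, so a caller that passes a NULL idr_find() result takes no reference and gets no indication of that. Since the function returns void, add a short comment above `if (!perfmon)` stating that NULL is accepted and that callers must still check their own pointer before using it. Dropping the later `if (perfmon)` guard around refcount_inc() is fine, since that line can no longer be reached with NULL.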
-- 
2.25.1
Re: [PATCH] drm/vc4: fix dereference before NULL check
Posted by Maxime Ripard 3 years, 9 months ago
Hi,

On Tue, Jun 28, 2022 at 02:36:57PM +0800, Yu Liao wrote:
> The "perfmon" pointer is equal to the return value of idr_find
> which may be NULL, and is accessed by vc4_perfmon_get before checking if
> it was NULL. Fix this by dereferencing "perfmon" after "perfmon"
> has been null checked.
> 
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
> Signed-off-by: Yu Liao <liaoyu15@huawei.com>

A similar patch has already been merged:
https://lore.kernel.org/dri-devel/20220622080243.22119-1-maxime@cerno.tech/

Thanks!
Maxime
Re: [PATCH] drm/vc4: fix dereference before NULL check
Posted by Boris Brezillon 3 years, 9 months ago
On Tue, 28 Jun 2022 14:36:57 +0800
Yu Liao <liaoyu15@huawei.com> wrote:

> The "perfmon" pointer is equal to the return value of idr_find
> which may be NULL, and is accessed by vc4_perfmon_get before checking if
> it was NULL. Fix this by dereferencing "perfmon" after "perfmon"
> has been null checked.
> 
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
> Signed-off-by: Yu Liao <liaoyu15@huawei.com>

Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>

> ---
>  drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
> index c7f5adb6bcf8..ca969b8c7dde 100644
> --- a/drivers/gpu/drm/vc4/vc4_perfmon.c
> +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
> @@ -17,13 +17,17 @@
>  
>  void vc4_perfmon_get(struct vc4_perfmon *perfmon)
>  {
> -	struct vc4_dev *vc4 = perfmon->dev;
> +	struct vc4_dev *vc4;
> +
> +	if (!perfmon)
> +		return;
> +
> +	vc4 = perfmon->dev;
>  
>  	if (WARN_ON_ONCE(vc4->is_vc5))
>  		return;
>  
> -	if (perfmon)
> -		refcount_inc(&perfmon->refcnt);
> +	refcount_inc(&perfmon->refcnt);
>  }
>  
>  void vc4_perfmon_put(struct vc4_perfmon *perfmon)
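Review bot: The trailing context shows vc4_perfmon_put() directly below, and this hunk leaves it untouched; if it also reads `perfmon->dev` before testing `perfmon`, it needs the same reordering, and both functions are better fixed in one patch. The commit message would also be easier to verify if it named the caller that passes the idr_find() result, since only the callee is visible in this diff.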