[PATCH][next] drm/xe/guc: Fix dereference before Null check

Everest K.C. posted 1 patch 1 month, 2 weeks ago
There is a newer version of this series
[PATCH][next] drm/xe/guc: Fix dereference before Null check
Posted by Everest K.C. 1 month, 2 weeks ago
The pointer list->list was dereferenced before the Null check
resulting in the possibility of Null pointer dereferencing.
This patch moves the Null check outside the for loop, so that
the check is performed before the dereferencing.

This issue was reported by Coverity Scan.

Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
---
 drivers/gpu/drm/xe/xe_guc_capture.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/xe/xe_guc_capture.c b/drivers/gpu/drm/xe/xe_guc_capture.c
index 41262bda20ed..de63c622747d 100644
--- a/drivers/gpu/drm/xe/xe_guc_capture.c
+++ b/drivers/gpu/drm/xe/xe_guc_capture.c
@@ -1537,13 +1537,13 @@ read_reg_to_node(struct xe_hw_engine *hwe, const struct __guc_mmio_reg_descr_gro
 	if (!regs)
 		return;
 
+	if (!list->list)
+		return;
+
 	for (i = 0; i < list->num_regs; i++) {
 		struct __guc_mmio_reg_descr desc = list->list[i];
 		u32 value;
 
-		if (!list->list)
-			return;
-
 		if (list->type == GUC_STATE_CAPTURE_TYPE_ENGINE_INSTANCE) {
 			value = xe_hw_engine_mmio_read32(hwe, desc.reg);
 		} else {
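Review bot: the new `if (!list->list) return;` guard stands alone between `if (!regs)` and the loop, while the function already has an early sanity check on `list` (quoted later in this thread as `if (!list || list->num_regs == 0)`); fold the pointer test into that existing condition, e.g. `if (!list || !list->list || list->num_regs == 0)`, so every precondition on `list` is validated in one place before any of its fields is read. Because the change corrects a check that previously ran only after `list->list[i]` had already been dereferenced, the commit message should also carry a Fixes: tag naming the commit that introduced the misordered check (its hash does not appear on this page).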
-- 
2.43.0
Re: [PATCH][next] drm/xe/guc: Fix dereference before Null check
Posted by Dan Carpenter 1 month, 2 weeks ago
On Wed, Oct 09, 2024 at 12:49:49PM -0600, Everest K.C. wrote:
> The pointer list->list was dereferenced before the Null check
> resulting in the possibility of Null pointer dereferencing.
> This patch moves the Null check outside the for loop, so that
> the check is performed before the dereferencing.
> 
> This issue was reported by Coverity Scan.
> 
> Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>

You need to add a Fixes tag.

> ---
>  drivers/gpu/drm/xe/xe_guc_capture.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/xe/xe_guc_capture.c b/drivers/gpu/drm/xe/xe_guc_capture.c
> index 41262bda20ed..de63c622747d 100644
> --- a/drivers/gpu/drm/xe/xe_guc_capture.c
> +++ b/drivers/gpu/drm/xe/xe_guc_capture.c
> @@ -1537,13 +1537,13 @@ read_reg_to_node(struct xe_hw_engine *hwe, const struct __guc_mmio_reg_descr_gro
>  	if (!regs)
>  		return;
>  
> +	if (!list->list)
> +		return;

Could you merge this with the other sanity checks at the start of the function.

-       if (!list || list->num_regs == 0)
+       if (!list || !list->list || list->num_regs == 0)

The list->list pointer can't actually be NULL.  It comes from
guc_capture_get_one_list(), so if the reglists[i].list pointer is NULL it
returns NULL.  However, obviously checking for NULL after a dereference is not
correct, so it's worth fixing and probably deserves a Fixes tag.  Although it
doesn't affect runtime, adding a Fixes tag helps backporters know they can
automatically ignore this one because the commit it's fixing is very recent.

regards,
dan carpenter
Re: [PATCH][next] drm/xe/guc: Fix dereference before Null check
Posted by Everest K.C. 1 month, 2 weeks ago
On Wed, Oct 9, 2024 at 2:35 PM Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> On Wed, Oct 09, 2024 at 12:49:49PM -0600, Everest K.C. wrote:
> > The pointer list->list was dereferenced before the Null check
> > resulting in the possibility of Null pointer dereferencing.
> > This patch moves the Null check outside the for loop, so that
> > the check is performed before the dereferencing.
> >
> > This issue was reported by Coverity Scan.
> >
> > Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
>
> You need to add a Fixes tag.
Will add it and send a V2.
> > ---
> >  drivers/gpu/drm/xe/xe_guc_capture.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/xe/xe_guc_capture.c b/drivers/gpu/drm/xe/xe_guc_capture.c
> > index 41262bda20ed..de63c622747d 100644
> > --- a/drivers/gpu/drm/xe/xe_guc_capture.c
> > +++ b/drivers/gpu/drm/xe/xe_guc_capture.c
> > @@ -1537,13 +1537,13 @@ read_reg_to_node(struct xe_hw_engine *hwe, const struct __guc_mmio_reg_descr_gro
> >       if (!regs)
> >               return;
> >
> > +     if (!list->list)
> > +             return;
>
> Could you merge this with the other sanity checks at the start of the function.
>
> -       if (!list || list->num_regs == 0)
> +       if (!list || !list->list || list->num_regs == 0)
That looks better. Will do that in V2 and send it.
> The list->list pointer can't actually be NULL.  It comes from
> guc_capture_get_one_list(), so if the reglists[i].list pointer is NULL it
> returns NULL.  However, obviously checking for NULL after a dereference is not
> correct, so it's worth fixing and probably deserves a Fixes tag.  Although it
> doesn't affect runtime, adding a Fixes tag helps backporters know they can
> automatically ignore this one because the commit it's fixing is very recent.
>
> regards,
> dan carpenter
>
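The merged guard Dan asks for in the thread, as an added stand-alone example that is not the xe driver's code: the struct names, the register file and the read helper are simplified stand-ins for `__guc_mmio_reg_descr_group` and `xe_hw_engine_mmio_read32`, and the point is that every pointer on the path to `list->list[i]` is validated in one condition before any field is touched.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the kernel's __guc_mmio_reg_descr and
 * __guc_mmio_reg_descr_group; not the xe driver's own types. */
struct reg_descr {
	uint32_t reg;                 /* MMIO register offset */
};

struct reg_descr_group {
	const struct reg_descr *list; /* may be NULL when no list was built */
	uint32_t num_regs;
};

/* Stand-in for the MMIO read: a constructed register file indexed by offset/4. */
static uint32_t fake_mmio_read32(const uint32_t *regfile, uint32_t reg)
{
	return regfile[reg / 4];
}

/* Copies the value of every register described by 'list' into 'out'.
 * Returns the number of registers read; 0 when the list is absent or empty.
 * The single guard mirrors the merged check suggested in the thread:
 * the group pointer, its list pointer and its count are all validated
 * before the loop dereferences list->list[i]. */
size_t read_reg_list(const uint32_t *regfile, const struct reg_descr_group *list,
		     uint32_t *out, size_t out_len)
{
	size_t i;

	if (!regfile || !out)
		return 0;
	if (!list || !list->list || list->num_regs == 0)
		return 0;

	for (i = 0; i < list->num_regs && i < out_len; i++)
		out[i] = fake_mmio_read32(regfile, list->list[i].reg);

	return i;
}
```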