[PATCH V2] drm/xe/guc: Fix dereference before Null check

Everest K.C. posted 1 patch 1 month, 2 weeks ago
drivers/gpu/drm/xe/xe_guc_capture.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
[PATCH V2] drm/xe/guc: Fix dereference before Null check
Posted by Everest K.C. 1 month, 2 weeks ago
The pointer list->list is derefrenced before the Null check.
Fix this by moving the Null check outside the for loop, so that
the check is performed before the derefrencing.

This issue was reported by Coverity Scan.
https://scan7.scan.coverity.com/#/project-view/51525/11354
?selectedIssue=1600335

Fixes: a18c696fa5cb ("drm/xe/guc: Fix dereference before Null check")

Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
---
V1 -> V2: - Combined the `!list->list` check in preexisting if statement
	  - Added Fixes tag 
	  - Added the link to the Coverity Scan report 

 drivers/gpu/drm/xe/xe_guc_capture.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/xe/xe_guc_capture.c b/drivers/gpu/drm/xe/xe_guc_capture.c
index 41262bda20ed..947c3a6d0e5a 100644
--- a/drivers/gpu/drm/xe/xe_guc_capture.c
+++ b/drivers/gpu/drm/xe/xe_guc_capture.c
@@ -1531,7 +1531,7 @@ read_reg_to_node(struct xe_hw_engine *hwe, const struct __guc_mmio_reg_descr_gro
 {
 	int i;
 
-	if (!list || list->num_regs == 0)
+	if (!list || !list->list || list->num_regs == 0)
 		return;
 
 	if (!regs)
@@ -1541,9 +1541,6 @@ read_reg_to_node(struct xe_hw_engine *hwe, const struct __guc_mmio_reg_descr_gro
 		struct __guc_mmio_reg_descr desc = list->list[i];
 		u32 value;
 
-		if (!list->list)
-			return;
-
 		if (list->type == GUC_STATE_CAPTURE_TYPE_ENGINE_INSTANCE) {
 			value = xe_hw_engine_mmio_read32(hwe, desc.reg);
 		} else {
-- 
2.43.0
Re: [PATCH V2] drm/xe/guc: Fix dereference before Null check
Posted by Dan Carpenter 1 month, 2 weeks ago
On Wed, Oct 09, 2024 at 03:39:20PM -0600, Everest K.C. wrote:
> The pointer list->list is derefrenced before the Null check.
> Fix this by moving the Null check outside the for loop, so that
> the check is performed before the derefrencing.
> 

Please, mention the effect on runtime if it's not totally obvious.  In this case,
someone reading the commit message would think that it leads to a NULL
dereference but actually the pointer can't be NULL as I explained so there is
no effect on run time.  Say something like:
"The list->list pointer cannot be NULL so this has no effect on runtime.  It's
just a correctness issue."

Change Null to NULL so people don't think it's Java.  ;)  Also dereferencing
has a typo.  s/derefrencing/dereferencing/.


> This issue was reported by Coverity Scan.
> https://scan7.scan.coverity.com/#/project-view/51525/11354
> ?selectedIssue=1600335

Don't line break URLs like this.  Just go over the 72-74 character limit.

> 
> Fixes: a18c696fa5cb ("drm/xe/guc: Fix dereference before Null check")
> 

Remove the blank line after Fixes.

> Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
> ---

Otherwise, it looks good.

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

regards,
dan carpenter
Re: [PATCH V2] drm/xe/guc: Fix dereference before Null check
Posted by Everest K.C. 1 month, 2 weeks ago
On Thu, Oct 10, 2024 at 12:28 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> On Wed, Oct 09, 2024 at 03:39:20PM -0600, Everest K.C. wrote:
> > The pointer list->list is derefrenced before the Null check.
> > Fix this by moving the Null check outside the for loop, so that
> > the check is performed before the derefrencing.
> >
>
> Please, mention the effect on runtime if it's not totally obvious.  In this case,
> someone reading the commit message would think that it leads to a NULL
> dereference but actually the pointer can't be NULL as I explained so there is
> no effect on run time.  Say something like:
> "The list->list pointer cannot be NULL so this has no effect on runtime.  It's
> just a correctness issue."
>
> Change Null to NULL so people don't think it's Java.  ;)  Also dereferencing
> has a typo.  s/derefrencing/dereferencing/.
>
>
> > This issue was reported by Coverity Scan.
> > https://scan7.scan.coverity.com/#/project-view/51525/11354
> > ?selectedIssue=1600335
>
> Don't line break URLs like this.  Just go over the 72-74 character limit.
>
> >
> > Fixes: a18c696fa5cb ("drm/xe/guc: Fix dereference before Null check")
> >
>
> Remove the blank line after Fixes.
>
> > Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
> > ---
>
> Otherwise, it looks good.
Will incorporate your feedback and will send a V3.
Thank you for taking time to review it.
> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
>
> regards,
> dan carpenter
>
Thanks,
Everest K.C.