| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190629135534.15116-1-colin.king@canonical.com>
Date: Sat, 29 Jun 2019 14:55:34 +0100
From: Colin King <colin.king@...onical.com>
To: Rex Zhu <rex.zhu@....com>, Evan Quan <evan.quan@....com>,
Alex Deucher <alexander.deucher@....com>,
Christian König <christian.koenig@....com>,
David Zhou <David1.Zhou@....com>,
David Airlie <airlied@...ux.ie>,
Daniel Vetter <daniel@...ll.ch>, amd-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] drm/amd/pp: fix a dereference of a pointer before it is null checked
From: Colin Ian King <colin.king@...onical.com>
The pointer hwmgr is dereferenced when initializing pointer adev however
it is a little later hwmgr is null checked, implying it could potentially
be null hence the assignment of adev may cause a null pointer dereference.
Fix this by moving the assignment after the null check. Note that I did
think of removing adev as it is only used once, however, hwmgr->adev is
a void * pointer, so using adev avoids some ugly casting so it makes sense
to still use it.
Addresses-Coverity: ("Dereference before null check")
Fixes: 59156faf810e ("drm/amd/pp: Remove the cgs wrapper for notify smu version on APU")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
drivers/gpu/drm/amd/powerplay/smumgr/smu8_smumgr.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/smu8_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/smu8_smumgr.c
index 8189fe402c6d..12815b3830e4 100644
--- a/drivers/gpu/drm/amd/powerplay/smumgr/smu8_smumgr.c
+++ b/drivers/gpu/drm/amd/powerplay/smumgr/smu8_smumgr.c
@@ -722,13 +722,11 @@ static int smu8_request_smu_load_fw(struct pp_hwmgr *hwmgr)
static int smu8_start_smu(struct pp_hwmgr *hwmgr)
{
- struct amdgpu_device *adev = hwmgr->adev;
-
+ struct amdgpu_device *adev;
uint32_t index = SMN_MP1_SRAM_START_ADDR +
SMU8_FIRMWARE_HEADER_LOCATION +
offsetof(struct SMU8_Firmware_Header, Version);
-
if (hwmgr == NULL || hwmgr->device == NULL)
return -EINVAL;
@@ -738,6 +736,7 @@ static int smu8_start_smu(struct pp_hwmgr *hwmgr)
((hwmgr->smu_version >> 16) & 0xFF),
((hwmgr->smu_version >> 8) & 0xFF),
(hwmgr->smu_version & 0xFF));
+ adev = hwmgr->adev;
adev->pm.fw_version = hwmgr->smu_version >> 8;
return smu8_request_smu_load_fw(hwmgr);
--
2.20.1
Powered by blists - more mailing lists