| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Apr 2023 09:59:16 -0400
From: Felix Kuehling <felix.kuehling@....com>
To: Markus Elfring <Markus.Elfring@....de>,
kernel-janitors@...r.kernel.org, amd-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org, Alan Liu <HaoPing.Liu@....com>,
Alex Deucher <alexander.deucher@....com>,
Alex Hung <alex.hung@....com>,
Alexey Kodanev <aleksei.kodanev@...l-sw.com>,
Aurabindo Pillai <aurabindo.pillai@....com>,
Bhanuprakash Modem <bhanuprakash.modem@...el.com>,
Candice Li <candice.li@....com>,
Charlene Liu <charlene.liu@....com>,
Christian König <christian.koenig@....com>,
Daniel Vetter <daniel@...ll.ch>,
David Airlie <airlied@...il.com>,
David Tadokoro <davidbtadokoro@....br>,
Eryk Brol <eryk.brol@....com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Hamza Mahfooz <hamza.mahfooz@....com>,
Harry Wentland <harry.wentland@....com>,
Hawking Zhang <Hawking.Zhang@....com>,
hersen wu <hersenxs.wu@....com>,
Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>,
Jun Lei <jun.lei@....com>, Leo Li <sunpeng.li@....com>,
Mikita Lipski <mikita.lipski@....com>,
Rodrigo Siqueira <Rodrigo.Siqueira@....com>,
Stanley Yang <Stanley.Yang@....com>,
Tao Zhou <tao.zhou1@....com>, Tom Rix <trix@...hat.com>,
Victor Zhao <Victor.Zhao@....com>,
Wayne Lin <Wayne.Lin@....com>,
Wenjing Liu <wenjing.liu@....com>,
Xinhui Pan <Xinhui.Pan@....com>,
YiPeng Chai <YiPeng.Chai@....com>, Zhan Liu <zhan.liu@....com>
Cc: LKML <linux-kernel@...r.kernel.org>, cocci@...ia.fr
Subject: Re: [PATCH 1/5] drm/amdgpu: Move a variable assignment behind a null
pointer check in amdgpu_ras_interrupt_dispatch()
Am 2023-04-11 um 09:42 schrieb Markus Elfring:
> Date: Tue, 11 Apr 2023 10:52:48 +0200
>
> The address of a data structure member was determined before
> a corresponding null pointer check in the implementation of
> the function “amdgpu_ras_interrupt_dispatch”.
>
> Thus avoid the risk for undefined behaviour by moving the assignment
> for the variable “data” behind the null pointer check.
>
> This issue was detected by using the Coccinelle software.
>
> Fixes: c030f2e4166c3f5597c7e7a70bcd9ab383695de4 ("drm/amdgpu: add amdgpu_ras.c to support ras (v2)")
> Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c
> index 4069bce9479f..a920c7888d07 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c
> @@ -1730,11 +1730,12 @@ int amdgpu_ras_interrupt_dispatch(struct amdgpu_device *adev,
> struct ras_dispatch_if *info)
> {
> struct ras_manager *obj = amdgpu_ras_find_obj(adev, &info->head);
> - struct ras_ih_data *data = &obj->ih_data;
> + struct ras_ih_data *data;
I'm curious, this only takes the address of obj->ih_data. It doesn't
dereference the pointer until after the !obj check below. How is this
undefined behaviour? Is this about the compiler being free to reorder
stuff for optimization, unaware of the dependency? Is there a link to an
explanation that could be added to the commit description?
Thanks,
Felix
>
> if (!obj)
> return -EINVAL;
>
> + data = &obj->ih_data;
> if (data->inuse == 0)
> return 0;
>
> --
> 2.40.0
>
Powered by blists - more mailing lists