| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEKBCKMNZOof8KP5upY45djTC9Bk9+AFHZyZVoid2eevTtjykA@mail.gmail.com>
Date: Sat, 21 Sep 2024 10:10:54 +0545
From: Dipendra Khadka <kdipendra88@...il.com>
To: Christian König <christian.koenig@....com>
Cc: Felix.Kuehling@....com, alexander.deucher@....com, Xinhui.Pan@....com,
airlied@...il.com, daniel@...ll.ch, amd-gfx@...ts.freedesktop.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Staging: drivers/gpu/drm/amd/amdgpu: Fix null pointer
deference in amdkfd_fence_get_timeline_name
On Sat, 21 Sept 2024 at 00:43, Christian König <christian.koenig@....com> wrote:
>
> Am 20.09.24 um 18:31 schrieb Dipendra Khadka:
> > On Fri, 20 Sept 2024 at 16:01, Christian König <christian.koenig@....com> wrote:
> >> Am 20.09.24 um 11:09 schrieb Dipendra Khadka:
> >>> '''
> >>> drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c:108:9: error: Null pointer dereference: fence [nullPointer]
> >>> return fence->timeline_name;
> >>> ^
> >>> '''
> >>>
> >>> The method to_amdgpu_amdkfd_fence can return NULL incase of empty f
> >>> or f->ops != &amdkfd_fence_ops.Hence, check has been added .
> >>> If fence is null , then null is returned.
> >> Well NAK, completely nonsense. Calling the function with a NULL fence is
> >> illegal.
> > Thanks for enlightening me .
>
> Well sorry to be so direct, but what the heck did you tried to do here?
>
Hi Christian,
cppcheck reported null pointer dereference in the line " return
fence->timeline_name;" in the function "static const char
*amdkfd_fence_get_timeline_name(struct dma_fence *f)".
In the function , we are getting the value of fence like this :
"struct amdgpu_amdkfd_fence *fence = to_amdgpu_amdkfd_fence(f);"
When I went through the function " to_amdgpu_amdkfd_fence" whose definition is :
'''
struct amdgpu_amdkfd_fence *to_amdgpu_amdkfd_fence(struct dma_fence *f)
{
struct amdgpu_amdkfd_fence *fence;
if (!f)
return NULL;
fence = container_of(f, struct amdgpu_amdkfd_fence, base);
if (f->ops == &amdkfd_fence_ops)
return fence;
return NULL;
}
'''
Here, the function to_amdgpu_amdkfd_fence can return NULL when f is
empty or f->ops != &amdkfd_fence_ops .So the fence in function
"amdkfd_fence_get_timeline_name" can be NULL.
Hence , I thought dereferencing NULL fence like "return
fence->timeline_name" may result in the runtime crashing. So, I
proposed this fix. Sorry, I was not aware about the behaviour of the
fence.
I am interested in the development and tried to fix this .
> I mean that is broken on so many different levels that I can't
> understand why somebody is suggesting something like that.
>
> Regards,
> Christian.
>
> >
> >> Regards,
> >> Christian.
> >>
> >>> Signed-off-by: Dipendra Khadka <kdipendra88@...il.com>
> >>> ---
> >>> drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 3 +++
> >>> 1 file changed, 3 insertions(+)
> >>>
> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c
> >>> index 1ef758ac5076..2313babcc944 100644
> >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c
> >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c
> >>> @@ -105,6 +105,9 @@ static const char *amdkfd_fence_get_timeline_name(struct dma_fence *f)
> >>> {
> >>> struct amdgpu_amdkfd_fence *fence = to_amdgpu_amdkfd_fence(f);
> >>>
> >>> + if (!fence)
> >>> + return NULL;
> >>> +
> >>> return fence->timeline_name;
> >>> }
> >>>
> > Regards,
> > Dipendra Khadka
>
Regards,
Dipendra Khadka
Powered by blists - more mailing lists