| Message ID | 1609057469-3844200-1-git-send-email-bodefang@126.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/radeon:avoid null pointer dereference when dev is not bound | expand |
On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote: > > [Why] > Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound, > a null pointer dereference can happen. > > [How] > Add sanity checks to prevent it. > > Signed-off-by: Defang Bo <bodefang@126.com> Are you actually hitting this or is this just defensive? I don't think we can actually get into a state where this would be a problem. Alex > --- > drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c > index 266e3cb..50a1a60 100644 > --- a/drivers/gpu/drm/radeon/radeon_device.c > +++ b/drivers/gpu/drm/radeon/radeon_device.c > @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero > { > struct drm_device *dev = pci_get_drvdata(pdev); > > + if (!dev) > + return; > + > if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF) > return; > > @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero > static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) > { > struct drm_device *dev = pci_get_drvdata(pdev); > + > + if (!dev) > + return false; > > /* > * FIXME: open_count is protected by drm_global_mutex but that would lead to > -- > 2.7.4 > > _______________________________________________ > amd-gfx mailing list > amd-gfx@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/amd-gfx
I use static analysis tool to find these funcs are similar to the commit<0fa375e6bc90>(drm/rockchip: Fix suspend crash when drm is not bound),so it's just defensive, I haven't actually hitted this. At 2021-01-05 01:00:27, "Alex Deucher" <alexdeucher@gmail.com> wrote: >On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote: >> >> [Why] >> Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound, >> a null pointer dereference can happen. >> >> [How] >> Add sanity checks to prevent it. >> >> Signed-off-by: Defang Bo <bodefang@126.com> > >Are you actually hitting this or is this just defensive? I don't >think we can actually get into a state where this would be a problem. > >Alex > >> --- >> drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c >> index 266e3cb..50a1a60 100644 >> --- a/drivers/gpu/drm/radeon/radeon_device.c >> +++ b/drivers/gpu/drm/radeon/radeon_device.c >> @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero >> { >> struct drm_device *dev = pci_get_drvdata(pdev); >> >> + if (!dev) >> + return; >> + >> if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF) >> return; >> >> @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero >> static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) >> { >> struct drm_device *dev = pci_get_drvdata(pdev); >> + >> + if (!dev) >> + return false; >> >> /* >> * FIXME: open_count is protected by drm_global_mutex but that would lead to >> -- >> 2.7.4 >> >> _______________________________________________ >> amd-gfx mailing list >> amd-gfx@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c index 266e3cb..50a1a60 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero { struct drm_device *dev = pci_get_drvdata(pdev); + if (!dev) + return; + if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF) return; @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) { struct drm_device *dev = pci_get_drvdata(pdev); + + if (!dev) + return false; /* * FIXME: open_count is protected by drm_global_mutex but that would lead to
[Why] Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound, a null pointer dereference can happen. [How] Add sanity checks to prevent it. Signed-off-by: Defang Bo <bodefang@126.com> --- drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++ 1 file changed, 6 insertions(+)