| Message ID | 20230426192413.143971-1-harshit.m.mogalapalli@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [next] drm/amd/display: Fix possible NULL dereference in dc_dmub_srv_cmd_run_list() | expand |
On 4/26/23 15:24, Harshit Mogalapalli wrote: > We have a NULL check for 'dc_dmub_srv' in dc_dmub_srv_cmd_run_list() > but we are dereferencing it before checking. > > Fix this moving the dereference next to NULL check. > > This issue is found with Smatch(static analysis tool). > > Fixes: e97cc04fe0fb ("drm/amd/display: refactor dmub commands into single function") > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Applied, thanks! > --- > Only compile tested. > --- > drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c > index d15ec32243e2..62d3473c32bc 100644 > --- a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c > +++ b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c > @@ -125,7 +125,7 @@ bool dc_dmub_srv_cmd_run(struct dc_dmub_srv *dc_dmub_srv, union dmub_rb_cmd *cmd > > bool dc_dmub_srv_cmd_run_list(struct dc_dmub_srv *dc_dmub_srv, unsigned int count, union dmub_rb_cmd *cmd_list, enum dm_dmub_wait_type wait_type) > { > - struct dc_context *dc_ctx = dc_dmub_srv->ctx; > + struct dc_context *dc_ctx; > struct dmub_srv *dmub; > enum dmub_status status; > int i; > @@ -133,6 +133,7 @@ bool dc_dmub_srv_cmd_run_list(struct dc_dmub_srv *dc_dmub_srv, unsigned int coun > if (!dc_dmub_srv || !dc_dmub_srv->dmub) > return false; > > + dc_ctx = dc_dmub_srv->ctx; > dmub = dc_dmub_srv->dmub; > > for (i = 0 ; i < count; i++) {
diff --git a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c index d15ec32243e2..62d3473c32bc 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c +++ b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c @@ -125,7 +125,7 @@ bool dc_dmub_srv_cmd_run(struct dc_dmub_srv *dc_dmub_srv, union dmub_rb_cmd *cmd bool dc_dmub_srv_cmd_run_list(struct dc_dmub_srv *dc_dmub_srv, unsigned int count, union dmub_rb_cmd *cmd_list, enum dm_dmub_wait_type wait_type) { - struct dc_context *dc_ctx = dc_dmub_srv->ctx; + struct dc_context *dc_ctx; struct dmub_srv *dmub; enum dmub_status status; int i; @@ -133,6 +133,7 @@ bool dc_dmub_srv_cmd_run_list(struct dc_dmub_srv *dc_dmub_srv, unsigned int coun if (!dc_dmub_srv || !dc_dmub_srv->dmub) return false; + dc_ctx = dc_dmub_srv->ctx; dmub = dc_dmub_srv->dmub; for (i = 0 ; i < count; i++) {
We have a NULL check for 'dc_dmub_srv' in dc_dmub_srv_cmd_run_list() but we are dereferencing it before checking. Fix this moving the dereference next to NULL check. This issue is found with Smatch(static analysis tool). Fixes: e97cc04fe0fb ("drm/amd/display: refactor dmub commands into single function") Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> --- Only compile tested. --- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)