| Message ID | 20241031152848.4716-1-antonio@mandelbit.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] amdgpu: prevent NULL pointer dereference if ATIF is not supported | expand |
On 10/31/2024 10:28, Antonio Quartulli wrote: > acpi_evaluate_object() may return AE_NOT_FOUND (failure), which > would result in dereferencing buffer.pointer (obj) while being NULL. > > Although this case may be unrealistic for the current code, it is > still better to protect against possible bugs. > > Bail out also when status is AE_NOT_FOUND. > > This fixes 1 FORWARD_NULL issue reported by Coverity > Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) > > Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Can you please dig up the right Fixes: tag? Besides that, LGTM. Reviewed-by: Mario Limonciello <mario.limonciello@amd.com> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c > index cce85389427f..b8d4e07d2043 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c > @@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct amdgpu_atif *atif, > &buffer); > obj = (union acpi_object *)buffer.pointer; > > - /* Fail if calling the method fails and ATIF is supported */ > - if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) { > + /* Fail if calling the method fails */ > + if (ACPI_FAILURE(status)) { > DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n", > acpi_format_exception(status)); > kfree(obj);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index cce85389427f..b8d4e07d2043 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -172,8 +172,8 @@ static union acpi_object *amdgpu_atif_call(struct amdgpu_atif *atif, &buffer); obj = (union acpi_object *)buffer.pointer; - /* Fail if calling the method fails and ATIF is supported */ - if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) { + /* Fail if calling the method fails */ + if (ACPI_FAILURE(status)) { DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n", acpi_format_exception(status)); kfree(obj);
acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)