
drm/amdgpu: potential NULL dereference on error

Message ID 20150611084933.GA27393@mwanda (mailing list archive)
State New, archived

Commit Message

Dan Carpenter June 11, 2015, 8:49 a.m. UTC
debugfs_create_file() can return an error pointer if debugfs is disabled
or it can return NULL on error.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Walter Harms June 11, 2015, 12:03 p.m. UTC | #1
On 11.06.2015 10:49, Dan Carpenter wrote:
> debugfs_create_file() can return an error pointer if debugfs is disabled
> or it can return NULL on error.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> index 36be03c..adba2a1 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> @@ -1980,6 +1980,8 @@ static int amdgpu_debugfs_regs_init(struct amdgpu_device *adev)
>  				  adev, &amdgpu_debugfs_regs_fops);
>  	if (IS_ERR(ent))
>  		return PTR_ERR(ent);
> +	if (!ent)
> +		return -ENOMEM;
>  	i_size_write(ent->d_inode, adev->rmmio_size);
>  	adev->debugfs_regs = ent;
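Review bot: The errno on the added `return -ENOMEM;` is a guess: the description only says debugfs_create_file() "can return NULL on error", not that the failure is an allocation failure. Either justify -ENOMEM in the commit message or say the value is arbitrary. The message should also state why the NULL check is needed at this spot, namely that the next line passes `ent->d_inode` to i_size_write() and so dereferences `ent`.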



would PTR_ERR_OR_ZERO() be an option?

on the other hand,
why does debugfs_create_file() not return -ENOMEM instead of NULL?


re,
 wh


Dan Carpenter June 11, 2015, 12:20 p.m. UTC | #2
On Thu, Jun 11, 2015 at 02:03:18PM +0200, walter harms wrote:
> 
> 
> On 11.06.2015 10:49, Dan Carpenter wrote:
> > debugfs_create_file() can return an error pointer if debugfs is disabled
> > or it can return NULL on error.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> > index 36be03c..adba2a1 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
> > @@ -1980,6 +1980,8 @@ static int amdgpu_debugfs_regs_init(struct amdgpu_device *adev)
> >  				  adev, &amdgpu_debugfs_regs_fops);
> >  	if (IS_ERR(ent))
> >  		return PTR_ERR(ent);
> > +	if (!ent)
> > +		return -ENOMEM;
> >  	i_size_write(ent->d_inode, adev->rmmio_size);
> >  	adev->debugfs_regs = ent;
> 
> 
> 
> would PTR_ERR_OR_ZERO() be an option?
> 
> on the other hand,
> why does debugfs_create_file() not return -ENOMEM instead of NULL?
> 

Actually if debugfs is disabled then we should probably carry on.  Let
me change it to:

	if (IS_ERR(ent))
		return 0;

	if (!ent)
		return -ENOMEM;

regards,
dan carpenter

Walter Harms June 11, 2015, 2:35 p.m. UTC | #3
On 11.06.2015 14:20, Dan Carpenter wrote:
> On Thu, Jun 11, 2015 at 02:03:18PM +0200, walter harms wrote:
>>
>>
>> On 11.06.2015 10:49, Dan Carpenter wrote:
>>> debugfs_create_file() can return an error pointer if debugfs is disabled
>>> or it can return NULL on error.
>>>
>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
>>> index 36be03c..adba2a1 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
>>> @@ -1980,6 +1980,8 @@ static int amdgpu_debugfs_regs_init(struct amdgpu_device *adev)
>>>  				  adev, &amdgpu_debugfs_regs_fops);
>>>  	if (IS_ERR(ent))
>>>  		return PTR_ERR(ent);
>>> +	if (!ent)
>>> +		return -ENOMEM;
>>>  	i_size_write(ent->d_inode, adev->rmmio_size);
>>>  	adev->debugfs_regs = ent;
>>
>>
>>
>> would PTR_ERR_OR_ZERO() be an option?
>>
>> on the other hand,
>> why does debugfs_create_file() not return -ENOMEM instead of NULL?
>>
> 
> Actually if debugfs is disabled then we should probably carry on.  Let
> me change it to:
> 
> 	if (IS_ERR(ent))
> 		return 0;
> 
> 	if (!ent)
> 		return -ENOMEM;
> 

You still have to check 2 types of error return here.
I simply do not understand why debugfs_create_file() does not return -ENOMEM
(or returns NULL on any error).

re,
 wh

Dan Carpenter June 11, 2015, 2:51 p.m. UTC | #4
On Thu, Jun 11, 2015 at 04:35:26PM +0200, walter harms wrote:
> You still have to check 2 types of error return here.
> I simply do not understand why debugfs_create_file() does not return -ENOMEM
> (or returns NULL on any error).

To be honest, I don't know why debugfs_create_file() doesn't just return
NULL when it is configured out.  I think I have asked this before...

I think the answer is that it seemed like a good idea at the time.
These days we would probably prefer to use:

	if (enabled(CONFIG_DEBUGFS)) {

to test if it's there or not.  Maybe that's still the right thing to
check here.

But debugfs error handling is designed so that under normal situations
you don't have to check for errors.  It turns out that everyone still
does because they are used to checking for errors.

The only reason we have to check here is because we do:

	i_size_write(ent->d_inode, adev->rmmio_size);
                     ^^^^^^^^^^^^

Dereference.

regards,
dan carpenter
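
A userspace model of the three return cases discussed in this thread (error pointer, NULL, valid entry), added here as an illustration and not code from the patch or the kernel. The `model_*` names are hypothetical, the `ERR_PTR`/`IS_ERR` helpers are re-created from the kernel convention, and `-ENODEV` for the disabled case is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace re-creation of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct model_inode { long long size; };
struct model_dentry { struct model_inode *d_inode; };
enum model_mode { MODEL_DISABLED, MODEL_FAIL, MODEL_OK };

/* Hypothetical stand-in for debugfs_create_file() with the three outcomes
 * discussed in the thread; the -ENODEV value is an assumption. */
static struct model_dentry *model_create_file(enum model_mode mode)
{
	static struct model_inode inode;
	static struct model_dentry dentry = { .d_inode = &inode };

	if (mode == MODEL_DISABLED)
		return ERR_PTR(-ENODEV);   /* debugfs configured out */
	if (mode == MODEL_FAIL)
		return NULL;               /* creation failed */
	inode.size = 0;
	return &dentry;
}

/* Mirrors the check order from reply #2: carry on when debugfs is absent,
 * fail on NULL, and only then dereference ent->d_inode. */
static int model_regs_init(enum model_mode mode, long long rmmio_size,
			   struct model_dentry **out)
{
	struct model_dentry *ent = model_create_file(mode);

	*out = NULL;
	if (IS_ERR(ent))
		return 0;
	if (!ent)
		return -ENOMEM;
	ent->d_inode->size = rmmio_size;   /* the dereference being guarded */
	*out = ent;
	return 0;
}
```

Note that `IS_ERR(NULL)` is false, which is why the NULL case needs its own test before the dereference.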

Patch

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
index 36be03c..adba2a1 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -1980,6 +1980,8 @@  static int amdgpu_debugfs_regs_init(struct amdgpu_device *adev)
 				  adev, &amdgpu_debugfs_regs_fops);
 	if (IS_ERR(ent))
 		return PTR_ERR(ent);
+	if (!ent)
+		return -ENOMEM;
 	i_size_write(ent->d_inode, adev->rmmio_size);
 	adev->debugfs_regs = ent;
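
Review bot: The context branch `if (IS_ERR(ent)) return PTR_ERR(ent);` directly above the added check still fails amdgpu_debugfs_regs_init() when debugfs is disabled, which per the description is exactly when an error pointer comes back. If a missing debugfs should not stop the caller, return 0 from that branch and keep the new `if (!ent)` test ahead of the `ent->d_inode` dereference; with both tests in place nothing after them can see an invalid `ent`.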