Message ID | 20211004134530.GB11689@kili (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init() | expand |
On 04/10/2021 16:45, Dan Carpenter wrote: > There are two problems here: > 1) The "seqptr" is used uninitalized when we free it at the end. This looks like a nice catch, potentially causing troubles. > 2) The a6xx_gmu_get_mmio() function returns error pointers. It never > returns true. > > Fixes: 64245fc55172 ("drm/msm/a6xx: use AOP-initialized PDC for a650") > Fixes: f8fc924e088e ("drm/msm/a6xx: Fix PDC register overlap") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > --- > drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c > index a7c58018959f..3bd6e579ea89 100644 > --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c > +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c > @@ -512,11 +512,11 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) > struct adreno_gpu *adreno_gpu = &a6xx_gpu->base; > struct platform_device *pdev = to_platform_device(gmu->dev); > void __iomem *pdcptr = a6xx_gmu_get_mmio(pdev, "gmu_pdc"); > - void __iomem *seqptr; > + void __iomem *seqptr = NULL; > uint32_t pdc_address_offset; > bool pdc_in_aop = false; > > - if (!pdcptr) > + if (IS_ERR(pdcptr)) > goto err; > > if (adreno_is_a650(adreno_gpu) || adreno_is_a660_family(adreno_gpu)) > @@ -528,7 +528,7 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) > > if (!pdc_in_aop) { > seqptr = a6xx_gmu_get_mmio(pdev, "gmu_pdc_seq"); > - if (!seqptr) > + if (IS_ERR(seqptr)) > goto err; > } > >
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c index a7c58018959f..3bd6e579ea89 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c @@ -512,11 +512,11 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) struct adreno_gpu *adreno_gpu = &a6xx_gpu->base; struct platform_device *pdev = to_platform_device(gmu->dev); void __iomem *pdcptr = a6xx_gmu_get_mmio(pdev, "gmu_pdc"); - void __iomem *seqptr; + void __iomem *seqptr = NULL; uint32_t pdc_address_offset; bool pdc_in_aop = false; - if (!pdcptr) + if (IS_ERR(pdcptr)) goto err; if (adreno_is_a650(adreno_gpu) || adreno_is_a660_family(adreno_gpu)) @@ -528,7 +528,7 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) if (!pdc_in_aop) { seqptr = a6xx_gmu_get_mmio(pdev, "gmu_pdc_seq"); - if (!seqptr) + if (IS_ERR(seqptr)) goto err; }
There are two problems here: 1) The "seqptr" is used uninitalized when we free it at the end. 2) The a6xx_gmu_get_mmio() function returns error pointers. It never returns true. Fixes: 64245fc55172 ("drm/msm/a6xx: use AOP-initialized PDC for a650") Fixes: f8fc924e088e ("drm/msm/a6xx: Fix PDC register overlap") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)