
[-next] drm/i915: fix potential NULL pointer dereference in i915_gem_context_get_hang_stats()

Message ID CAPgLHd81aZqECw1TrnVUF5iDLVw1-NQQvC43dw8v1bsTzYBQ0w@mail.gmail.com (mailing list archive)
State New, archived

Commit Message

Wei Yongjun June 20, 2013, 12:01 a.m. UTC
From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>

The dereference should be moved below the NULL test.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
---
 drivers/gpu/drm/i915/i915_gem_context.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Lespiau, Damien July 11, 2013, 6:23 p.m. UTC | #1
On Thu, Jun 20, 2013 at 08:01:47AM +0800, Wei Yongjun wrote:
> From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> 
> The dereference should be moved below the NULL test.
> 
> Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
> ---
>  drivers/gpu/drm/i915/i915_gem_context.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
> index ff47145..f32107e 100644
> --- a/drivers/gpu/drm/i915/i915_gem_context.c
> +++ b/drivers/gpu/drm/i915/i915_gem_context.c
> @@ -309,7 +309,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  				u32 id)
>  {
>  	struct drm_i915_private *dev_priv = ring->dev->dev_private;
> -	struct drm_i915_file_private *file_priv = file->driver_priv;
> +	struct drm_i915_file_private *file_priv;
>  	struct i915_hw_context *to;
>  
>  	if (dev_priv->hw_contexts_disabled)
> @@ -321,6 +321,7 @@ i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
>  	if (file == NULL)
>  		return ERR_PTR(-EINVAL);
>  
> +	file_priv = file->driver_priv;
>  	if (id == DEFAULT_CONTEXT_ID)
>  		return &file_priv->hang_stats;

I think we could just not check for file == NULL here as it comes
directly from the ioctl() through i915_gem_execbuffer().

Patch coming...

Patch

diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c
index ff47145..f32107e 100644
--- a/drivers/gpu/drm/i915/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/i915_gem_context.c
@@ -309,7 +309,7 @@  i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
 				u32 id)
 {
 	struct drm_i915_private *dev_priv = ring->dev->dev_private;
-	struct drm_i915_file_private *file_priv = file->driver_priv;
+	struct drm_i915_file_private *file_priv;
 	struct i915_hw_context *to;
 
 	if (dev_priv->hw_contexts_disabled)
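Review bot: The context line `struct drm_i915_private *dev_priv = ring->dev->dev_private;` at the top of this hunk still dereferences `ring` and `ring->dev` in an initializer before any check, which is the same ordering this patch removes for `file`. Whether `ring` can be NULL is not visible here; if callers guarantee it, a comment above the declarations such as `/* callers always pass a valid ring */` would record that contract. Leaving `file_priv` uninitialized is safe only if every read follows the assignment added in the second hunk. The function body continues outside this hunk, so that should be confirmed against the full function.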
@@ -321,6 +321,7 @@  i915_gem_context_get_hang_stats(struct intel_ring_buffer *ring,
 	if (file == NULL)
 		return ERR_PTR(-EINVAL);
 
+	file_priv = file->driver_priv;
 	if (id == DEFAULT_CONTEXT_ID)
 		return &file_priv->hang_stats;
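Review bot: The added `file_priv = file->driver_priv;` sits directly against the following `if (id == DEFAULT_CONTEXT_ID)`, while the other statements visible in this hunk are separated by blank lines; a blank line after the assignment would match that layout. Because the correctness of this line depends on the `file == NULL` test just above it, a short comment such as `/* file was NULL-checked above; do not hoist this back into the declarations */` would keep a later cleanup from reintroducing the early dereference. The function continues past the end of the hunk, so any later use of `file_priv` is not visible here.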