[PATCH 3/5] drm/amdgpu: Fix null pointer dereference to aca_handle

Lazar, Lijo lijo.lazar at amd.com
Tue May 14 04:18:48 UTC 2024 


On 5/14/2024 6:30 AM, Ma, Jun wrote:
> Hi Lijo & Kevin, thanks for review, will drop this patch
> 

In the original function below check is there.

        if (!handle || !info || type >= ACA_ERROR_TYPE_COUNT)
                return -EINVAL;

So moving this to a later stage is still valid.
	struct aca_error_cache *error_cache = &handle->error_cache;

Further NULL check of error_cache is not required.

Thanks,
Lijo

> Regards,
> Ma Jun
> 
> On 5/14/2024 7:13 AM, Wang, Yang(Kevin) wrote:
>> [AMD Official Use Only - AMD Internal Distribution Only]
>>
>> -----Original Message-----
>> From: Ma, Jun <Jun.Ma2 at amd.com>
>> Sent: Monday, May 13, 2024 4:56 PM
>> To: amd-gfx at lists.freedesktop.org
>> Cc: Feng, Kenneth <Kenneth.Feng at amd.com>; Deucher, Alexander <Alexander.Deucher at amd.com>; Wang, Yang(Kevin) <KevinYang.Wang at amd.com>; Koenig, Christian <Christian.Koenig at amd.com>; Ma, Jun <Jun.Ma2 at amd.com>
>> Subject: [PATCH 3/5] drm/amdgpu: Fix null pointer dereference to aca_handle
>>
>> Check handle pointer before using it
>>
>> Signed-off-by: Ma Jun <Jun.Ma2 at amd.com>
>> ---
>>  drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 6 +++++-
>>  1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
>> index 28febf33fb1b..e969a7d77b4d 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
>> @@ -279,7 +279,7 @@ static struct aca_bank_error *get_bank_error(struct aca_error *aerr, struct aca_  int aca_error_cache_log_bank_error(struct aca_handle *handle, struct aca_bank_info *info,
>>                                    enum aca_error_type type, u64 count)  {
>> -       struct aca_error_cache *error_cache = &handle->error_cache;
>> +       struct aca_error_cache *error_cache;
>>         struct aca_bank_error *bank_error;
>>         struct aca_error *aerr;
>>
>> @@ -289,6 +289,10 @@ int aca_error_cache_log_bank_error(struct aca_handle *handle, struct aca_bank_in
>>         if (!count)
>>                 return 0;
>>
>> +       error_cache = &handle->error_cache;
>> [Kevin]:
>> The above code is always return non-0 value, right?
>>
>> Best Regards,
>> Kevin
>> +       if (!error_cache)
>> +               return -EINVAL;
>> +
>>         aerr = &error_cache->errors[type];
>>         bank_error = get_bank_error(aerr, info);
>>         if (!bank_error)
>> --
>> 2.34.1
>>

More information about the amd-gfx mailing list