[PATCH] drm/mm: prevent a potential null-pointer dereference

Christian König christian.koenig at amd.com
Thu Sep 10 08:58:21 UTC 2020


Am 10.09.20 um 04:38 schrieb Jing Xiangfeng:
> The macro 'DECLARE_NEXT_HOLE_ADDR' may hit a potential null-pointer
> dereference. So use 'entry' after checking it.

I don't see a potential null-pointer dereference here.

Where should that be?

Christian.

>
> Fixes: 5fad79fd66ff ("drm/mm: cleanup and improve next_hole_*_addr()")
> Signed-off-by: Jing Xiangfeng <jingxiangfeng at huawei.com>
> ---
>   drivers/gpu/drm/drm_mm.c | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
> index a4a04d246135..6fcf70f71962 100644
> --- a/drivers/gpu/drm/drm_mm.c
> +++ b/drivers/gpu/drm/drm_mm.c
> @@ -392,11 +392,14 @@ first_hole(struct drm_mm *mm,
>   #define DECLARE_NEXT_HOLE_ADDR(name, first, last)			\
>   static struct drm_mm_node *name(struct drm_mm_node *entry, u64 size)	\
>   {									\
> -	struct rb_node *parent, *node = &entry->rb_hole_addr;		\
> +	struct rb_node *parent, *node;					\
>   									\
> -	if (!entry || RB_EMPTY_NODE(node))				\
> +	if (!entry)							\
>   		return NULL;						\
>   									\
> +	node = &entry->rb_hole_addr;					\
> +	if (RB_EMPTY_NODE(node))					\
> +		return NULL;						\
>   	if (usable_hole_addr(node->first, size)) {			\
>   		node = node->first;					\
>   		while (usable_hole_addr(node->last, size))		\



More information about the dri-devel mailing list