[linux-next:master 6397/7105] drivers/gpu/drm/xe/xe_oa.c:293 xe_oa_add_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 292)
Dan Carpenter
dan.carpenter at linaro.org
Thu Jun 20 06:59:35 UTC 2024
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 2102cb0d050d34d50b9642a3a50861787527e922
commit: cdf02fe1a94a768cbcd20f5c4e1a1d805f4a06c0 [6397/7105] drm/xe/oa/uapi: Add/remove OA config perf ops
config: x86_64-randconfig-161-20240620 (https://download.01.org/0day-ci/archive/20240620/202406200703.72WIWhEJ-lkp@intel.com/config)
compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
| Closes: https://lore.kernel.org/r/202406200703.72WIWhEJ-lkp@intel.com/
smatch warnings:
drivers/gpu/drm/xe/xe_oa.c:293 xe_oa_add_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 292)
drivers/gpu/drm/xe/xe_oa.c:392 xe_oa_remove_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 391)
vim +293 drivers/gpu/drm/xe/xe_oa.c
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 283 int xe_oa_add_config_ioctl(struct drm_device *dev, u64 data, struct drm_file *file)
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 284 {
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 285 struct xe_oa *oa = &to_xe_device(dev)->oa;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 286 struct drm_xe_oa_config param;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 287 struct drm_xe_oa_config *arg = ¶m;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 288 struct xe_oa_config *oa_config, *tmp;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 289 struct xe_oa_reg *regs;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 290 int err, id;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 291
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @292 if (!oa->xe) {
^^^^^^
Pointer is NULL
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @293 drm_dbg(&oa->xe->drm, "xe oa interface not available for this system\n");
^^^^^^^^^^^^
Dereferenced.
"Real Fact": This is drm_dbg() but the dev_dbg() macro has magic sanity
checking where instead of checking for if the device is NULL, it checks
for if the (drm < (void *)PAGE_SIZE). That catches this sort of bug.
Hyrum’s Law applies here where people have taken advantage of this to
deliberately pass garbage pointers to dev_dbg().
I feel like in a different life I could have had a career writing facts
for Snapple bottle caps. My talents are wasted.
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 294 return -ENODEV;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 295 }
[ snip ]
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 384 int xe_oa_remove_config_ioctl(struct drm_device *dev, u64 data, struct drm_file *file)
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 385 {
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 386 struct xe_oa *oa = &to_xe_device(dev)->oa;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 387 struct xe_oa_config *oa_config;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 388 u64 arg, *ptr = u64_to_user_ptr(data);
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 389 int ret;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 390
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @391 if (!oa->xe) {
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @392 drm_dbg(&oa->xe->drm, "xe oa interface not available for this system\n");
^^^^^^^^^^^^
Same.
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 393 return -ENODEV;
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 394 }
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 395
cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 396 if (xe_perf_stream_paranoid && !perfmon_capable()) {
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
More information about the Intel-xe
mailing list