[linux-next:master 6397/7105] drivers/gpu/drm/xe/xe_oa.c:293 xe_oa_add_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 292)
Michal Wajdeczko
michal.wajdeczko at intel.com
Thu Jun 20 08:29:11 UTC 2024
On 20.06.2024 08:59, Dan Carpenter wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head: 2102cb0d050d34d50b9642a3a50861787527e922
> commit: cdf02fe1a94a768cbcd20f5c4e1a1d805f4a06c0 [6397/7105] drm/xe/oa/uapi: Add/remove OA config perf ops
> config: x86_64-randconfig-161-20240620 (https://download.01.org/0day-ci/archive/20240620/202406200703.72WIWhEJ-lkp@intel.com/config)
> compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp at intel.com>
> | Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
> | Closes: https://lore.kernel.org/r/202406200703.72WIWhEJ-lkp@intel.com/
>
> smatch warnings:
> drivers/gpu/drm/xe/xe_oa.c:293 xe_oa_add_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 292)
> drivers/gpu/drm/xe/xe_oa.c:392 xe_oa_remove_config_ioctl() error: we previously assumed 'oa->xe' could be null (see line 391)
the fix was already posted earlier [1]
[1] https://patchwork.freedesktop.org/patch/599969/?series=135074&rev=1
>
> vim +293 drivers/gpu/drm/xe/xe_oa.c
>
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 283 int xe_oa_add_config_ioctl(struct drm_device *dev, u64 data, struct drm_file *file)
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 284 {
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 285 struct xe_oa *oa = &to_xe_device(dev)->oa;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 286 struct drm_xe_oa_config param;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 287 struct drm_xe_oa_config *arg = &param;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 288 struct xe_oa_config *oa_config, *tmp;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 289 struct xe_oa_reg *regs;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 290 int err, id;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 291
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @292 if (!oa->xe) {
> ^^^^^^
> Pointer is NULL
>
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @293 drm_dbg(&oa->xe->drm, "xe oa interface not available for this system\n");
> ^^^^^^^^^^^^
> Dereferenced.
>
> "Real Fact": This is drm_dbg() but the dev_dbg() macro has magic sanity
> checking where instead of checking for if the device is NULL, it checks
> for if the (drm < (void *)PAGE_SIZE). That catches this sort of bug.
> Hyrum’s Law applies here where people have taken advantage of this to
> deliberately pass garbage pointers to dev_dbg().
>
> I feel like in a different life I could have had a career writing facts
> for Snapple bottle caps. My talents are wasted.
>
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 294 return -ENODEV;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 295 }
>
> [ snip ]
>
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 384 int xe_oa_remove_config_ioctl(struct drm_device *dev, u64 data, struct drm_file *file)
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 385 {
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 386 struct xe_oa *oa = &to_xe_device(dev)->oa;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 387 struct xe_oa_config *oa_config;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 388 u64 arg, *ptr = u64_to_user_ptr(data);
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 389 int ret;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 390
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @391 if (!oa->xe) {
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 @392 drm_dbg(&oa->xe->drm, "xe oa interface not available for this system\n");
> ^^^^^^^^^^^^
> Same.
>
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 393 return -ENODEV;
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 394 }
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 395
> cdf02fe1a94a76 Ashutosh Dixit 2024-06-17 396 if (xe_perf_stream_paranoid && !perfmon_capable()) {
>
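
An added illustration of the pattern smatch flagged in the report above, written as a user-space model; it is not code from the xe driver or from the posted fix. All `model_*` names, the struct layouts and the 4096-byte page size are assumptions made for the example. It shows what `&oa->xe->drm` evaluates to when `oa->xe` is NULL (a small offset that a below-one-page range check would reject) and an error path that logs through a device pointer known to be valid instead.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096u  /* assumed page size for this model */

/* Constructed stand-ins for the driver structures; not the real layouts. */
struct model_drm { const char *name; };
struct model_xe;
struct model_oa { struct model_xe *xe; };  /* back-pointer, NULL when OA is unavailable */
struct model_xe { long other_state; struct model_drm drm; struct model_oa oa; };

static const struct model_drm *last_log_dev;  /* records which device was logged against */

static void model_dbg(const struct model_drm *drm, const char *msg)
{
    last_log_dev = drm;
    fprintf(stderr, "[%s] %s\n", drm->name, msg);
}

/* What '&oa->xe->drm' evaluates to when oa->xe is NULL: just the member offset. */
static uintptr_t flagged_pointer_value(void)
{
    return (uintptr_t)offsetof(struct model_xe, drm);
}

/* The kind of range check the report describes: treat pointers below one page as bad. */
static int below_first_page(uintptr_t p)
{
    return p < MODEL_PAGE_SIZE;
}

/* Checked form: the error path logs through the device the caller already holds. */
static int model_add_config(struct model_xe *xe)
{
    struct model_oa *oa = &xe->oa;

    if (!oa->xe) {
        model_dbg(&xe->drm, "oa interface not available for this system");
        return -ENODEV;
    }
    return 0;
}

int main(void)
{
    struct model_xe xe = { .drm = { "model0" } };  /* oa.xe stays NULL */
    uintptr_t v = flagged_pointer_value();
    printf("flagged=%zu bad=%d ret=%d\n", (size_t)v, below_first_page(v), model_add_config(&xe));
    return 0;
}
```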