* Re: [PATCH] drm/radeon:avoid null pointer dereference when dev is not bound
@ 2021-01-04 17:00 ` Alex Deucher
0 siblings, 0 replies; 8+ messages in thread
From: Alex Deucher @ 2021-01-04 17:00 UTC (permalink / raw)
To: Defang Bo
Cc: Dave Airlie, LKML, amd-gfx list, Maling list - DRI developers,
Daniel Vetter, Deucher, Alexander
On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote:
>
> [Why]
> Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound,
> a null pointer dereference can happen.
>
> [How]
> Add sanity checks to prevent it.
>
> Signed-off-by: Defang Bo <bodefang@126.com>
Are you actually hitting this or is this just defensive? I don't
think we can actually get into a state where this would be a problem.
Alex
> ---
> drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
> index 266e3cb..50a1a60 100644
> --- a/drivers/gpu/drm/radeon/radeon_device.c
> +++ b/drivers/gpu/drm/radeon/radeon_device.c
> @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
> {
> struct drm_device *dev = pci_get_drvdata(pdev);
>
> + if (!dev)
> + return;
> +
> if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF)
> return;
>
> @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
> static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
> {
> struct drm_device *dev = pci_get_drvdata(pdev);
> +
> + if (!dev)
> + return false;
>
> /*
> * FIXME: open_count is protected by drm_global_mutex but that would lead to
> --
> 2.7.4
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/radeon:avoid null pointer dereference when dev is not bound
@ 2021-01-04 17:00 ` Alex Deucher
0 siblings, 0 replies; 8+ messages in thread
From: Alex Deucher @ 2021-01-04 17:00 UTC (permalink / raw)
To: Defang Bo
Cc: Dave Airlie, LKML, amd-gfx list, Maling list - DRI developers,
Deucher, Alexander
On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote:
>
> [Why]
> Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound,
> a null pointer dereference can happen.
>
> [How]
> Add sanity checks to prevent it.
>
> Signed-off-by: Defang Bo <bodefang@126.com>
Are you actually hitting this or is this just defensive? I don't
think we can actually get into a state where this would be a problem.
Alex
> ---
> drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
> index 266e3cb..50a1a60 100644
> --- a/drivers/gpu/drm/radeon/radeon_device.c
> +++ b/drivers/gpu/drm/radeon/radeon_device.c
> @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
> {
> struct drm_device *dev = pci_get_drvdata(pdev);
>
> + if (!dev)
> + return;
> +
> if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF)
> return;
>
> @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
> static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
> {
> struct drm_device *dev = pci_get_drvdata(pdev);
> +
> + if (!dev)
> + return false;
>
> /*
> * FIXME: open_count is protected by drm_global_mutex but that would lead to
> --
> 2.7.4
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re:Re: [PATCH] drm/radeon:avoid null pointer dereference when dev is not bound
2021-01-04 17:00 ` Alex Deucher
@ 2021-01-05 2:43 ` bodefang
-1 siblings, 0 replies; 8+ messages in thread
From: bodefang @ 2021-01-05 2:43 UTC (permalink / raw)
To: Alex Deucher
Cc: Dave Airlie, LKML, amd-gfx list, Maling list - DRI developers,
Deucher, Alexander
[-- Attachment #1.1: Type: text/plain, Size: 1990 bytes --]
I use static analysis tool to find these funcs are similar to the commit<0fa375e6bc90>(drm/rockchip: Fix suspend crash when drm is not bound),so it's just defensive,
I haven't actually hitted this.
At 2021-01-05 01:00:27, "Alex Deucher" <alexdeucher@gmail.com> wrote:
>On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote:
>>
>> [Why]
>> Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound,
>> a null pointer dereference can happen.
>>
>> [How]
>> Add sanity checks to prevent it.
>>
>> Signed-off-by: Defang Bo <bodefang@126.com>
>
>Are you actually hitting this or is this just defensive? I don't
>think we can actually get into a state where this would be a problem.
>
>Alex
>
>> ---
>> drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
>> index 266e3cb..50a1a60 100644
>> --- a/drivers/gpu/drm/radeon/radeon_device.c
>> +++ b/drivers/gpu/drm/radeon/radeon_device.c
>> @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
>> {
>> struct drm_device *dev = pci_get_drvdata(pdev);
>>
>> + if (!dev)
>> + return;
>> +
>> if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF)
>> return;
>>
>> @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
>> static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
>> {
>> struct drm_device *dev = pci_get_drvdata(pdev);
>> +
>> + if (!dev)
>> + return false;
>>
>> /*
>> * FIXME: open_count is protected by drm_global_mutex but that would lead to
>> --
>> 2.7.4
>>
>> _______________________________________________
>> amd-gfx mailing list
>> amd-gfx@lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
[-- Attachment #1.2: Type: text/html, Size: 2578 bytes --]
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re:Re: [PATCH] drm/radeon:avoid null pointer dereference when dev is not bound
@ 2021-01-05 2:43 ` bodefang
0 siblings, 0 replies; 8+ messages in thread
From: bodefang @ 2021-01-05 2:43 UTC (permalink / raw)
To: Alex Deucher
Cc: Dave Airlie, LKML, amd-gfx list, Maling list - DRI developers,
Daniel Vetter, Deucher, Alexander
[-- Attachment #1.1: Type: text/plain, Size: 1990 bytes --]
I use static analysis tool to find these funcs are similar to the commit<0fa375e6bc90>(drm/rockchip: Fix suspend crash when drm is not bound),so it's just defensive,
I haven't actually hitted this.
At 2021-01-05 01:00:27, "Alex Deucher" <alexdeucher@gmail.com> wrote:
>On Sun, Dec 27, 2020 at 3:56 PM Defang Bo <bodefang@126.com> wrote:
>>
>> [Why]
>> Similar to commit<0fa375e6>. If the set_state/can_switch code access the drm_device when dev is not bound,
>> a null pointer dereference can happen.
>>
>> [How]
>> Add sanity checks to prevent it.
>>
>> Signed-off-by: Defang Bo <bodefang@126.com>
>
>Are you actually hitting this or is this just defensive? I don't
>think we can actually get into a state where this would be a problem.
>
>Alex
>
>> ---
>> drivers/gpu/drm/radeon/radeon_device.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
>> index 266e3cb..50a1a60 100644
>> --- a/drivers/gpu/drm/radeon/radeon_device.c
>> +++ b/drivers/gpu/drm/radeon/radeon_device.c
>> @@ -1224,6 +1224,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
>> {
>> struct drm_device *dev = pci_get_drvdata(pdev);
>>
>> + if (!dev)
>> + return;
>> +
>> if (radeon_is_px(dev) && state == VGA_SWITCHEROO_OFF)
>> return;
>>
>> @@ -1257,6 +1260,9 @@ static void radeon_switcheroo_set_state(struct pci_dev *pdev, enum vga_switchero
>> static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
>> {
>> struct drm_device *dev = pci_get_drvdata(pdev);
>> +
>> + if (!dev)
>> + return false;
>>
>> /*
>> * FIXME: open_count is protected by drm_global_mutex but that would lead to
>> --
>> 2.7.4
>>
>> _______________________________________________
>> amd-gfx mailing list
>> amd-gfx@lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
[-- Attachment #1.2: Type: text/html, Size: 2578 bytes --]
[-- Attachment #2: Type: text/plain, Size: 154 bytes --]
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 8+ messages in thread