* [PATCH 1/2] drm/amdgpu: debugfs: fix error codes in write functions
@ 2022-04-26 8:48 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:48 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors, amd-gfx,
dri-devel, John Clements, Christian König, Hawking Zhang
There are two error code bugs here. The copy_to/from_user() functions
return the number of bytes remaining (a positive number). We should
return -EFAULT if the copy fails.
Second if we fail because "context.resp_status" is non-zero then return
-EINVAL instead of zero.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of exit paths where copy_from_user() fails and this
function returns -EINVAL which is wrong as well. If the copy fails it
should be -EFAULT. If the data is bad, then -EINVAL.
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 247a476e6354..32bcc20b9e3f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -159,9 +159,10 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
ta_bin = kzalloc(ta_bin_len, GFP_KERNEL);
if (!ta_bin)
ret = -ENOMEM;
- ret = copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len);
- if (ret)
+ if (copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len)) {
+ ret = -EFAULT;
goto err_free_bin;
+ }
ret = psp_ras_terminate(psp);
if (ret) {
@@ -180,11 +181,14 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
if (ret || context.resp_status) {
dev_err(adev->dev, "TA load via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_bin;
}
context.initialized = true;
- ret = copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t));
+ if (copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t)))
+ ret = -EFAULT;
err_free_bin:
kfree(ta_bin);
@@ -251,9 +255,10 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
ret = -ENOMEM;
- ret = copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len);
- if (ret)
+ if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
+ ret = -EFAULT;
goto err_free_shared_buf;
+ }
context.session_id = ta_id;
@@ -264,10 +269,13 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
if (ret || context.resp_status) {
dev_err(adev->dev, "TA invoke via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_ta_shared_buf;
}
- ret = copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len);
+ if (copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len))
+ ret = -EFAULT;
err_free_ta_shared_buf:
psp_ta_free_shared_buf(&context.mem_context);
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 1/2] drm/amdgpu: debugfs: fix error codes in write functions
@ 2022-04-26 8:48 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:48 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors, amd-gfx,
dri-devel, Daniel Vetter, John Clements, Christian König,
Hawking Zhang
There are two error code bugs here. The copy_to/from_user() functions
return the number of bytes remaining (a positive number). We should
return -EFAULT if the copy fails.
Second if we fail because "context.resp_status" is non-zero then return
-EINVAL instead of zero.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of exit paths where copy_from_user() fails and this
function returns -EINVAL which is wrong as well. If the copy fails it
should be -EFAULT. If the data is bad, then -EINVAL.
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 247a476e6354..32bcc20b9e3f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -159,9 +159,10 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
ta_bin = kzalloc(ta_bin_len, GFP_KERNEL);
if (!ta_bin)
ret = -ENOMEM;
- ret = copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len);
- if (ret)
+ if (copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len)) {
+ ret = -EFAULT;
goto err_free_bin;
+ }
ret = psp_ras_terminate(psp);
if (ret) {
@@ -180,11 +181,14 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
if (ret || context.resp_status) {
dev_err(adev->dev, "TA load via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_bin;
}
context.initialized = true;
- ret = copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t));
+ if (copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t)))
+ ret = -EFAULT;
err_free_bin:
kfree(ta_bin);
@@ -251,9 +255,10 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
ret = -ENOMEM;
- ret = copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len);
- if (ret)
+ if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
+ ret = -EFAULT;
goto err_free_shared_buf;
+ }
context.session_id = ta_id;
@@ -264,10 +269,13 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
if (ret || context.resp_status) {
dev_err(adev->dev, "TA invoke via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_ta_shared_buf;
}
- ret = copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len);
+ if (copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len))
+ ret = -EFAULT;
err_free_ta_shared_buf:
psp_ta_free_shared_buf(&context.mem_context);
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 1/2] drm/amdgpu: debugfs: fix error codes in write functions
@ 2022-04-26 8:48 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:48 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Christian König, Pan, Xinhui, David Airlie, Daniel Vetter,
Tao Zhou, John Clements, Hawking Zhang, amd-gfx, dri-devel,
kernel-janitors
There are two error code bugs here. The copy_to/from_user() functions
return the number of bytes remaining (a positive number). We should
return -EFAULT if the copy fails.
Second if we fail because "context.resp_status" is non-zero then return
-EINVAL instead of zero.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
There are a bunch of exit paths where copy_from_user() fails and this
function returns -EINVAL which is wrong as well. If the copy fails it
should be -EFAULT. If the data is bad, then -EINVAL.
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 247a476e6354..32bcc20b9e3f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -159,9 +159,10 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
ta_bin = kzalloc(ta_bin_len, GFP_KERNEL);
if (!ta_bin)
ret = -ENOMEM;
- ret = copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len);
- if (ret)
+ if (copy_from_user((void *)ta_bin, &buf[copy_pos], ta_bin_len)) {
+ ret = -EFAULT;
goto err_free_bin;
+ }
ret = psp_ras_terminate(psp);
if (ret) {
@@ -180,11 +181,14 @@ static ssize_t ta_if_load_debugfs_write(struct file *fp, const char *buf, size_t
if (ret || context.resp_status) {
dev_err(adev->dev, "TA load via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_bin;
}
context.initialized = true;
- ret = copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t));
+ if (copy_to_user((char *)buf, (void *)&context.session_id, sizeof(uint32_t)))
+ ret = -EFAULT;
err_free_bin:
kfree(ta_bin);
@@ -251,9 +255,10 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
ret = -ENOMEM;
- ret = copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len);
- if (ret)
+ if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
+ ret = -EFAULT;
goto err_free_shared_buf;
+ }
context.session_id = ta_id;
@@ -264,10 +269,13 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
if (ret || context.resp_status) {
dev_err(adev->dev, "TA invoke via debugfs failed (%d) status %d\n",
ret, context.resp_status);
+ if (!ret)
+ ret = -EINVAL;
goto err_free_ta_shared_buf;
}
- ret = copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len);
+ if (copy_to_user((char *)buf, context.mem_context.shared_buf, shared_buf_len))
+ ret = -EFAULT;
err_free_ta_shared_buf:
psp_ta_free_shared_buf(&context.mem_context);
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
2022-04-26 8:48 ` Dan Carpenter
(?)
@ 2022-04-26 8:49 ` Dan Carpenter
-1 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:49 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors, amd-gfx,
dri-devel, John Clements, Christian König, Hawking Zhang
If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This would look nicer as:
shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
if (IS_ERR(shared_buf))
return PTR_ERR(shared_buf);
Probably eventually this will be sent as an automated Coccinelle patch?
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 32bcc20b9e3f..6806deb098d3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
- ret = -ENOMEM;
+ return -ENOMEM;
if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
ret = -EFAULT;
goto err_free_shared_buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-26 8:49 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:49 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors, amd-gfx,
dri-devel, Daniel Vetter, John Clements, Christian König,
Hawking Zhang
If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This would look nicer as:
shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
if (IS_ERR(shared_buf))
return PTR_ERR(shared_buf);
Probably eventually this will be sent as an automated Coccinelle patch?
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 32bcc20b9e3f..6806deb098d3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
- ret = -ENOMEM;
+ return -ENOMEM;
if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
ret = -EFAULT;
goto err_free_shared_buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-26 8:49 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2022-04-26 8:49 UTC (permalink / raw)
To: Alex Deucher, Candice Li
Cc: Christian König, Pan, Xinhui, David Airlie, Daniel Vetter,
Tao Zhou, Hawking Zhang, John Clements, amd-gfx, dri-devel,
kernel-janitors
If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This would look nicer as:
shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
if (IS_ERR(shared_buf))
return PTR_ERR(shared_buf);
Probably eventually this will be sent as an automated Coccinelle patch?
drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
index 32bcc20b9e3f..6806deb098d3 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
@@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
if (!shared_buf)
- ret = -ENOMEM;
+ return -ENOMEM;
if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
ret = -EFAULT;
goto err_free_shared_buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
2022-04-26 8:49 ` Dan Carpenter
(?)
@ 2022-04-26 14:47 ` Alex Deucher
-1 siblings, 0 replies; 12+ messages in thread
From: Alex Deucher @ 2022-04-26 14:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Alex Deucher, Candice Li, Tao Zhou, David Airlie, Pan, Xinhui,
kernel-janitors, amd-gfx list, Maling list - DRI developers,
Daniel Vetter, John Clements, Christian König,
Hawking Zhang
Applied the series. Thanks!
Alex
On Tue, Apr 26, 2022 at 4:49 AM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
>
> Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This would look nicer as:
>
> shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
> if (IS_ERR(shared_buf))
> return PTR_ERR(shared_buf);
>
> Probably eventually this will be sent as an automated Coccinelle patch?
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> index 32bcc20b9e3f..6806deb098d3 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> @@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
>
> shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
> if (!shared_buf)
> - ret = -ENOMEM;
> + return -ENOMEM;
> if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
> ret = -EFAULT;
> goto err_free_shared_buf;
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-26 14:47 ` Alex Deucher
0 siblings, 0 replies; 12+ messages in thread
From: Alex Deucher @ 2022-04-26 14:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors,
amd-gfx list, Maling list - DRI developers, Alex Deucher,
Candice Li, John Clements, Christian König, Hawking Zhang
Applied the series. Thanks!
Alex
On Tue, Apr 26, 2022 at 4:49 AM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
>
> Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This would look nicer as:
>
> shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
> if (IS_ERR(shared_buf))
> return PTR_ERR(shared_buf);
>
> Probably eventually this will be sent as an automated Coccinelle patch?
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> index 32bcc20b9e3f..6806deb098d3 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> @@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
>
> shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
> if (!shared_buf)
> - ret = -ENOMEM;
> + return -ENOMEM;
> if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
> ret = -EFAULT;
> goto err_free_shared_buf;
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-26 14:47 ` Alex Deucher
0 siblings, 0 replies; 12+ messages in thread
From: Alex Deucher @ 2022-04-26 14:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors,
amd-gfx list, Maling list - DRI developers, Daniel Vetter,
Alex Deucher, Candice Li, John Clements, Christian König,
Hawking Zhang
Applied the series. Thanks!
Alex
On Tue, Apr 26, 2022 at 4:49 AM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> If the kzalloc() fails then this code will crash. Return -ENOMEM instead.
>
> Fixes: e50d9ba0d2cd ("drm/amdgpu: Add debugfs TA load/unload/invoke support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This would look nicer as:
>
> shared_buf = memdup_user(&buf[copy_pos], shared_buf_len);
> if (IS_ERR(shared_buf))
> return PTR_ERR(shared_buf);
>
> Probably eventually this will be sent as an automated Coccinelle patch?
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> index 32bcc20b9e3f..6806deb098d3 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> @@ -254,7 +254,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
>
> shared_buf = kzalloc(shared_buf_len, GFP_KERNEL);
> if (!shared_buf)
> - ret = -ENOMEM;
> + return -ENOMEM;
> if (copy_from_user((void *)shared_buf, &buf[copy_pos], shared_buf_len)) {
> ret = -EFAULT;
> goto err_free_shared_buf;
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
2022-04-26 14:47 ` Alex Deucher
(?)
@ 2022-04-27 1:38 ` Randy Dunlap
-1 siblings, 0 replies; 12+ messages in thread
From: Randy Dunlap @ 2022-04-27 1:38 UTC (permalink / raw)
To: Alex Deucher, Dan Carpenter
Cc: Alex Deucher, Candice Li, Tao Zhou, David Airlie, Pan, Xinhui,
kernel-janitors, amd-gfx list, Maling list - DRI developers,
Daniel Vetter, John Clements, Christian König,
Hawking Zhang
Alex--
On 4/26/22 07:47, Alex Deucher wrote:
> Applied the series. Thanks!
>
> Alex
>
I just saw a build warning here when CONFIG_DEBUG_FS is not enabled:
../drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c:281:23: warning: 'amdgpu_ta_if_debugfs_create' defined but not used [-Wunused-function]
281 | static struct dentry *amdgpu_ta_if_debugfs_create(struct amdgpu_device *adev)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
--
~Randy
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-27 1:38 ` Randy Dunlap
0 siblings, 0 replies; 12+ messages in thread
From: Randy Dunlap @ 2022-04-27 1:38 UTC (permalink / raw)
To: Alex Deucher, Dan Carpenter
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors,
amd-gfx list, Maling list - DRI developers, Alex Deucher,
Candice Li, John Clements, Christian König, Hawking Zhang
Alex--
On 4/26/22 07:47, Alex Deucher wrote:
> Applied the series. Thanks!
>
> Alex
>
I just saw a build warning here when CONFIG_DEBUG_FS is not enabled:
../drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c:281:23: warning: 'amdgpu_ta_if_debugfs_create' defined but not used [-Wunused-function]
281 | static struct dentry *amdgpu_ta_if_debugfs_create(struct amdgpu_device *adev)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
--
~Randy
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write()
@ 2022-04-27 1:38 ` Randy Dunlap
0 siblings, 0 replies; 12+ messages in thread
From: Randy Dunlap @ 2022-04-27 1:38 UTC (permalink / raw)
To: Alex Deucher, Dan Carpenter
Cc: Tao Zhou, David Airlie, Pan, Xinhui, kernel-janitors,
amd-gfx list, Maling list - DRI developers, Daniel Vetter,
Alex Deucher, Candice Li, John Clements, Christian König,
Hawking Zhang
Alex--
On 4/26/22 07:47, Alex Deucher wrote:
> Applied the series. Thanks!
>
> Alex
>
I just saw a build warning here when CONFIG_DEBUG_FS is not enabled:
../drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c:281:23: warning: 'amdgpu_ta_if_debugfs_create' defined but not used [-Wunused-function]
281 | static struct dentry *amdgpu_ta_if_debugfs_create(struct amdgpu_device *adev)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
--
~Randy
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2022-04-27 7:13 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-26 8:48 [PATCH 1/2] drm/amdgpu: debugfs: fix error codes in write functions Dan Carpenter
2022-04-26 8:48 ` Dan Carpenter
2022-04-26 8:48 ` Dan Carpenter
2022-04-26 8:49 ` [PATCH 2/2] drm/amdgpu: debugfs: fix NULL dereference in ta_if_invoke_debugfs_write() Dan Carpenter
2022-04-26 8:49 ` Dan Carpenter
2022-04-26 8:49 ` Dan Carpenter
2022-04-26 14:47 ` Alex Deucher
2022-04-26 14:47 ` Alex Deucher
2022-04-26 14:47 ` Alex Deucher
2022-04-27 1:38 ` Randy Dunlap
2022-04-27 1:38 ` Randy Dunlap
2022-04-27 1:38 ` Randy Dunlap
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.