* [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu
@ 2017-12-14 5:41 Archit Taneja
2017-12-15 15:33 ` Jordan Crouse
2017-12-22 10:11 ` [PATCH v2] " Archit Taneja
0 siblings, 2 replies; 5+ messages in thread
From: Archit Taneja @ 2017-12-14 5:41 UTC (permalink / raw)
To: robdclark; +Cc: dri-devel, linux-arm-msm, Archit Taneja
The msm/kms driver should work even if there is no GPU device specified
in DT. Currently, we get a NULL dereference crash in adreno_load_gpu
since the driver assumes that priv->gpu_pdev is non-NULL.
Perform an additional check on priv->gpu_pdev before trying to retrieve
the msm_gpu pointer from it.
Fixes: eec874ce5ff1 (drm/msm/adreno: load gpu at probe/bind time)
Signed-off-by: Archit Taneja <architt@codeaurora.org>
---
drivers/gpu/drm/msm/adreno/adreno_device.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
index 05022ea2a007..ac60cf3c794e 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_device.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
@@ -124,10 +124,17 @@ const struct adreno_info *adreno_info(struct adreno_rev rev)
struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
{
struct msm_drm_private *priv = dev->dev_private;
- struct platform_device *pdev = priv->gpu_pdev;
- struct msm_gpu *gpu = platform_get_drvdata(priv->gpu_pdev);
+ struct platform_device *pdev;
+ struct msm_gpu *gpu;
int ret;
+ pdev = priv->gpu_pdev;
+ if (!pdev) {
+ dev_dbg(dev->dev, "no adreno platform device found\n");
+ return NULL;
+ }
+
+ gpu = platform_get_drvdata(pdev);
if (!gpu) {
dev_err(dev->dev, "no adreno device\n");
return NULL;
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu
2017-12-14 5:41 [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu Archit Taneja
@ 2017-12-15 15:33 ` Jordan Crouse
2017-12-20 6:48 ` Archit Taneja
2017-12-22 10:11 ` [PATCH v2] " Archit Taneja
1 sibling, 1 reply; 5+ messages in thread
From: Jordan Crouse @ 2017-12-15 15:33 UTC (permalink / raw)
To: Archit Taneja; +Cc: robdclark, linux-arm-msm, dri-devel
On Thu, Dec 14, 2017 at 11:11:50AM +0530, Archit Taneja wrote:
> The msm/kms driver should work even if there is no GPU device specified
> in DT. Currently, we get a NULL dereference crash in adreno_load_gpu
> since the driver assumes that priv->gpu_pdev is non-NULL.
>
> Perform an additional check on priv->gpu_pdev before trying to retrieve
> the msm_gpu pointer from it.
>
> Fixes: eec874ce5ff1 (drm/msm/adreno: load gpu at probe/bind time)
>
> Signed-off-by: Archit Taneja <architt@codeaurora.org>
> ---
> drivers/gpu/drm/msm/adreno/adreno_device.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
> index 05022ea2a007..ac60cf3c794e 100644
> --- a/drivers/gpu/drm/msm/adreno/adreno_device.c
> +++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
> @@ -124,10 +124,17 @@ const struct adreno_info *adreno_info(struct adreno_rev rev)
> struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
> {
> struct msm_drm_private *priv = dev->dev_private;
> - struct platform_device *pdev = priv->gpu_pdev;
> - struct msm_gpu *gpu = platform_get_drvdata(priv->gpu_pdev);
> + struct platform_device *pdev;
> + struct msm_gpu *gpu;
> int ret;
>
> + pdev = priv->gpu_pdev;
> + if (!pdev) {
> + dev_dbg(dev->dev, "no adreno platform device found\n");
> + return NULL;
> + }
> +
> + gpu = platform_get_drvdata(pdev);
> if (!gpu) {
> dev_err(dev->dev, "no adreno device\n");
> return NULL;
Obviously correct fix but I can't help but think that we should share the same
error message, so something like:
struct msm_gpu *gpu = NULL;
..
if (priv->gpu_pdev)
gpu = platform_get_drvdata(priv->gpu_pdev);
if (!gpu) {
dev_err(dev->dev, "No GPU device was was found\n");
return NULL;
}
(also, I can't help but think maybe that dev_err should be a ONCE so you don't
get a nasty message every time you open the file descriptor).
Jordan
--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu
2017-12-15 15:33 ` Jordan Crouse
@ 2017-12-20 6:48 ` Archit Taneja
0 siblings, 0 replies; 5+ messages in thread
From: Archit Taneja @ 2017-12-20 6:48 UTC (permalink / raw)
To: robdclark, linux-arm-msm, dri-devel
On 12/15/2017 09:03 PM, Jordan Crouse wrote:
> On Thu, Dec 14, 2017 at 11:11:50AM +0530, Archit Taneja wrote:
>> The msm/kms driver should work even if there is no GPU device specified
>> in DT. Currently, we get a NULL dereference crash in adreno_load_gpu
>> since the driver assumes that priv->gpu_pdev is non-NULL.
>>
>> Perform an additional check on priv->gpu_pdev before trying to retrieve
>> the msm_gpu pointer from it.
>>
>> Fixes: eec874ce5ff1 (drm/msm/adreno: load gpu at probe/bind time)
>>
>> Signed-off-by: Archit Taneja <architt@codeaurora.org>
>> ---
>> drivers/gpu/drm/msm/adreno/adreno_device.c | 11 +++++++++--
>> 1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
>> index 05022ea2a007..ac60cf3c794e 100644
>> --- a/drivers/gpu/drm/msm/adreno/adreno_device.c
>> +++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
>> @@ -124,10 +124,17 @@ const struct adreno_info *adreno_info(struct adreno_rev rev)
>> struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
>> {
>> struct msm_drm_private *priv = dev->dev_private;
>> - struct platform_device *pdev = priv->gpu_pdev;
>> - struct msm_gpu *gpu = platform_get_drvdata(priv->gpu_pdev);
>> + struct platform_device *pdev;
>> + struct msm_gpu *gpu;
>> int ret;
>>
>> + pdev = priv->gpu_pdev;
>> + if (!pdev) {
>> + dev_dbg(dev->dev, "no adreno platform device found\n");
>> + return NULL;
>> + }
>> +
>> + gpu = platform_get_drvdata(pdev);
>> if (!gpu) {
>> dev_err(dev->dev, "no adreno device\n");
>> return NULL;
>
> Obviously correct fix but I can't help but think that we should share the same
> error message, so something like:
>
> struct msm_gpu *gpu = NULL;
>
> ..
>
> if (priv->gpu_pdev)
> gpu = platform_get_drvdata(priv->gpu_pdev);
>
> if (!gpu) {
> dev_err(dev->dev, "No GPU device was was found\n");
> return NULL;
> }
>
> (also, I can't help but think maybe that dev_err should be a ONCE so you don't
> get a nasty message every time you open the file descriptor).
This approach looks better. I'll re-spin.
Thanks,
Archit
>
> Jordan
>
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] drm/msm: Fix NULL deref in adreno_load_gpu
2017-12-14 5:41 [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu Archit Taneja
2017-12-15 15:33 ` Jordan Crouse
@ 2017-12-22 10:11 ` Archit Taneja
2018-01-02 18:32 ` Jordan Crouse
1 sibling, 1 reply; 5+ messages in thread
From: Archit Taneja @ 2017-12-22 10:11 UTC (permalink / raw)
To: robdclark, jcrouse; +Cc: linux-arm-msm, dri-devel
The msm/kms driver should work even if there is no GPU device specified
in DT. Currently, we get a NULL dereference crash in adreno_load_gpu
since the driver assumes that priv->gpu_pdev is non-NULL.
Perform an additional check on priv->gpu_pdev before trying to retrieve
the msm_gpu pointer from it.
v2: Incorporate Jordan's comments:
- Simplify the check to share the same error message.
- Use dev_err_once() to avoid an error message every time we open the
drm device fd.
Fixes: eec874ce5ff1 (drm/msm/adreno: load gpu at probe/bind time)
Signed-off-by: Archit Taneja <architt@codeaurora.org>
---
drivers/gpu/drm/msm/adreno/adreno_device.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
index 05022ea2a007..bfb3d689f47d 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_device.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
@@ -125,11 +125,14 @@ struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
{
struct msm_drm_private *priv = dev->dev_private;
struct platform_device *pdev = priv->gpu_pdev;
- struct msm_gpu *gpu = platform_get_drvdata(priv->gpu_pdev);
+ struct msm_gpu *gpu = NULL;
int ret;
+ if (pdev)
+ gpu = platform_get_drvdata(pdev);
+
if (!gpu) {
- dev_err(dev->dev, "no adreno device\n");
+ dev_err_once(dev->dev, "no GPU device was found\n");
return NULL;
}
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] drm/msm: Fix NULL deref in adreno_load_gpu
2017-12-22 10:11 ` [PATCH v2] " Archit Taneja
@ 2018-01-02 18:32 ` Jordan Crouse
0 siblings, 0 replies; 5+ messages in thread
From: Jordan Crouse @ 2018-01-02 18:32 UTC (permalink / raw)
To: Archit Taneja; +Cc: linux-arm-msm, dri-devel
On Fri, Dec 22, 2017 at 03:41:13PM +0530, Archit Taneja wrote:
> The msm/kms driver should work even if there is no GPU device specified
> in DT. Currently, we get a NULL dereference crash in adreno_load_gpu
> since the driver assumes that priv->gpu_pdev is non-NULL.
>
> Perform an additional check on priv->gpu_pdev before trying to retrieve
> the msm_gpu pointer from it.
>
> v2: Incorporate Jordan's comments:
> - Simplify the check to share the same error message.
> - Use dev_err_once() to avoid an error message every time we open the
> drm device fd.
>
> Fixes: eec874ce5ff1 (drm/msm/adreno: load gpu at probe/bind time)
>
> Signed-off-by: Archit Taneja <architt@codeaurora.org>
Acked-by: Jordan Crouse <jcrouse@codeaurora.org>
> ---
> drivers/gpu/drm/msm/adreno/adreno_device.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
> index 05022ea2a007..bfb3d689f47d 100644
> --- a/drivers/gpu/drm/msm/adreno/adreno_device.c
> +++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
> @@ -125,11 +125,14 @@ struct msm_gpu *adreno_load_gpu(struct drm_device *dev)
> {
> struct msm_drm_private *priv = dev->dev_private;
> struct platform_device *pdev = priv->gpu_pdev;
> - struct msm_gpu *gpu = platform_get_drvdata(priv->gpu_pdev);
> + struct msm_gpu *gpu = NULL;
> int ret;
>
> + if (pdev)
> + gpu = platform_get_drvdata(pdev);
> +
> if (!gpu) {
> - dev_err(dev->dev, "no adreno device\n");
> + dev_err_once(dev->dev, "no GPU device was found\n");
> return NULL;
> }
--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-02 18:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-14 5:41 [PATCH] drm/msm: Fix NULL deref in adreno_load_gpu Archit Taneja
2017-12-15 15:33 ` Jordan Crouse
2017-12-20 6:48 ` Archit Taneja
2017-12-22 10:11 ` [PATCH v2] " Archit Taneja
2018-01-02 18:32 ` Jordan Crouse
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).