[PATCH] drm/msm/dpu: Add callback function pointer check before its call

dri-devel.lists.freedesktop.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] drm/msm/dpu: Add callback function pointer check before its call
@ 2024-04-08  8:55 Aleksandr Mishin
  2024-04-08  9:03 ` Dmitry Baryshkov
  2024-04-08 16:51 ` Abhinav Kumar
  0 siblings, 2 replies; 6+ messages in thread
From: Aleksandr Mishin @ 2024-04-08  8:55 UTC (permalink / raw)
  To: Dmitry Baryshkov
  Cc: Aleksandr Mishin, Rob Clark, Abhinav Kumar, Sean Paul,
	Marijn Suijten, David Airlie, Daniel Vetter, Neil Armstrong,
	Stephen Boyd, linux-arm-msm, dri-devel, freedreno, linux-kernel,
	lvc-project

In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
but then callback function is unconditionally called by this pointer.
Fix this bug by adding conditional return.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
index 946dd0135dff..03a16fbd4c99 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
@@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
 
 	VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
 
-	if (!irq_entry->cb)
+	if (!irq_entry->cb) {
 		DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
 			  DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
+		return;
+	}
 
 	atomic_inc(&irq_entry->count);
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call
  2024-04-08  8:55 [PATCH] drm/msm/dpu: Add callback function pointer check before its call Aleksandr Mishin
@ 2024-04-08  9:03 ` Dmitry Baryshkov
  2024-04-10 11:48   ` Aleksandr Mishin
  2024-04-08 16:51 ` Abhinav Kumar
  1 sibling, 1 reply; 6+ messages in thread
From: Dmitry Baryshkov @ 2024-04-08  9:03 UTC (permalink / raw)
  To: Aleksandr Mishin
  Cc: Rob Clark, Abhinav Kumar, Sean Paul, Marijn Suijten,
	David Airlie, Daniel Vetter, Neil Armstrong, Stephen Boyd,
	linux-arm-msm, dri-devel, freedreno, linux-kernel, lvc-project

On Mon, 8 Apr 2024 at 11:57, Aleksandr Mishin <amishin@t-argos.ru> wrote:
>
> In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
> but then callback function is unconditionally called by this pointer.
> Fix this bug by adding conditional return.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.

This should be converted to a proper Reported-by: trailer.

>
> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
>  drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> index 946dd0135dff..03a16fbd4c99 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
>
>         VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>
> -       if (!irq_entry->cb)
> +       if (!irq_entry->cb) {
>                 DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
>                           DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
> +               return;
> +       }
>
>         atomic_inc(&irq_entry->count);
>
> --
> 2.30.2
>
>


-- 
With best wishes
Dmitry

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call
  2024-04-08  8:55 [PATCH] drm/msm/dpu: Add callback function pointer check before its call Aleksandr Mishin
  2024-04-08  9:03 ` Dmitry Baryshkov
@ 2024-04-08 16:51 ` Abhinav Kumar
  2024-04-10 11:45   ` Aleksandr Mishin
  1 sibling, 1 reply; 6+ messages in thread
From: Abhinav Kumar @ 2024-04-08 16:51 UTC (permalink / raw)
  To: Aleksandr Mishin, Dmitry Baryshkov
  Cc: Rob Clark, Sean Paul, Marijn Suijten, David Airlie,
	Daniel Vetter, Neil Armstrong, Stephen Boyd, linux-arm-msm,
	dri-devel, freedreno, linux-kernel, lvc-project



On 4/8/2024 1:55 AM, Aleksandr Mishin wrote:
> In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
> but then callback function is unconditionally called by this pointer.
> Fix this bug by adding conditional return.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 

Yes , as dmitry wrote, this should be Reported-by.

But rest LGTM.

> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> ---
>   drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> index 946dd0135dff..03a16fbd4c99 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
>   
>   	VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>   
> -	if (!irq_entry->cb)
> +	if (!irq_entry->cb) {
>   		DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
>   			  DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
> +		return;
> +	}
>   
>   	atomic_inc(&irq_entry->count);
>   

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call
  2024-04-08 16:51 ` Abhinav Kumar
@ 2024-04-10 11:45   ` Aleksandr Mishin
  0 siblings, 0 replies; 6+ messages in thread
From: Aleksandr Mishin @ 2024-04-10 11:45 UTC (permalink / raw)
  To: Abhinav Kumar, Dmitry Baryshkov
  Cc: Rob Clark, Sean Paul, Marijn Suijten, David Airlie,
	Daniel Vetter, Neil Armstrong, Stephen Boyd, linux-arm-msm,
	dri-devel, freedreno, linux-kernel, lvc-project



On 08.04.2024 19:51, Abhinav Kumar wrote:
> 
> 
> On 4/8/2024 1:55 AM, Aleksandr Mishin wrote:
>> In dpu_core_irq_callback_handler() callback function pointer is 
>> compared to NULL,
>> but then callback function is unconditionally called by this pointer.
>> Fix this bug by adding conditional return.
>>
>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>
> 
> Yes , as dmitry wrote, this should be Reported-by.
> 

It is an established practice for our project, you can find 700+ applied
patches with similar line:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org

> But rest LGTM.
> 
>> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
>> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
>> ---
>>   drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c 
>> b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> index 946dd0135dff..03a16fbd4c99 100644
>> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct 
>> dpu_kms *dpu_kms, unsigned int
>>       VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>> -    if (!irq_entry->cb)
>> +    if (!irq_entry->cb) {
>>           DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
>>                 DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>> +        return;
>> +    }
>>       atomic_inc(&irq_entry->count);

-- 
Kind regards
Aleksandr

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call
  2024-04-08  9:03 ` Dmitry Baryshkov
@ 2024-04-10 11:48   ` Aleksandr Mishin
  2024-04-10 13:17     ` Dmitry Baryshkov
  0 siblings, 1 reply; 6+ messages in thread
From: Aleksandr Mishin @ 2024-04-10 11:48 UTC (permalink / raw)
  To: Dmitry Baryshkov
  Cc: Rob Clark, Abhinav Kumar, Sean Paul, Marijn Suijten,
	David Airlie, Daniel Vetter, Neil Armstrong, Stephen Boyd,
	linux-arm-msm, dri-devel, freedreno, linux-kernel, lvc-project



On 08.04.2024 12:03, Dmitry Baryshkov wrote:
> On Mon, 8 Apr 2024 at 11:57, Aleksandr Mishin <amishin@t-argos.ru> wrote:
>>
>> In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
>> but then callback function is unconditionally called by this pointer.
>> Fix this bug by adding conditional return.
>>
>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> This should be converted to a proper Reported-by: trailer.
> 

It is an established practice for our project, you can find 700+ applied
patches with similar line:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org

>>
>> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
>> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
>> ---
>>   drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> index 946dd0135dff..03a16fbd4c99 100644
>> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
>> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
>>
>>          VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>>
>> -       if (!irq_entry->cb)
>> +       if (!irq_entry->cb) {
>>                  DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
>>                            DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
>> +               return;
>> +       }
>>
>>          atomic_inc(&irq_entry->count);
>>
>> --
>> 2.30.2
>>
>>
> 
> 

-- 
Kind regards
Aleksandr

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call
  2024-04-10 11:48   ` Aleksandr Mishin
@ 2024-04-10 13:17     ` Dmitry Baryshkov
  0 siblings, 0 replies; 6+ messages in thread
From: Dmitry Baryshkov @ 2024-04-10 13:17 UTC (permalink / raw)
  To: Aleksandr Mishin
  Cc: Rob Clark, Abhinav Kumar, Sean Paul, Marijn Suijten,
	David Airlie, Daniel Vetter, Neil Armstrong, Stephen Boyd,
	linux-arm-msm, dri-devel, freedreno, linux-kernel, lvc-project

On Wed, 10 Apr 2024 at 14:53, Aleksandr Mishin <amishin@t-argos.ru> wrote:
> On 08.04.2024 12:03, Dmitry Baryshkov wrote:
> > On Mon, 8 Apr 2024 at 11:57, Aleksandr Mishin <amishin@t-argos.ru> wrote:
> >>
> >> In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
> >> but then callback function is unconditionally called by this pointer.
> >> Fix this bug by adding conditional return.
> >>
> >> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > This should be converted to a proper Reported-by: trailer.
> >
>
> It is an established practice for our project, you can find 700+ applied
> patches with similar line:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org

Is there any reason why your project doesn't follow established
guidelines? Compare this to other robots.

Anyway:

Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

>
> >>
> >> Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
> >> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
> >> ---
> >>   drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
> >>   1 file changed, 3 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> >> index 946dd0135dff..03a16fbd4c99 100644
> >> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> >> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
> >> @@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
> >>
> >>          VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
> >>
> >> -       if (!irq_entry->cb)
> >> +       if (!irq_entry->cb) {
> >>                  DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
> >>                            DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
> >> +               return;
> >> +       }
> >>
> >>          atomic_inc(&irq_entry->count);
> >>
> >> --
> >> 2.30.2
> >>
> >>
> >
> >
>
> --
> Kind regards
> Aleksandr



-- 
With best wishes
Dmitry

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-04-10 13:17 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-08  8:55 [PATCH] drm/msm/dpu: Add callback function pointer check before its call Aleksandr Mishin
2024-04-08  9:03 ` Dmitry Baryshkov
2024-04-10 11:48   ` Aleksandr Mishin
2024-04-10 13:17     ` Dmitry Baryshkov
2024-04-08 16:51 ` Abhinav Kumar
2024-04-10 11:45   ` Aleksandr Mishin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).