Alexandre Courbot
2017-Mar-10 08:16 UTC
[Nouveau] [PATCH] secboot: fix NULL pointer dereference
The msgqueue pointer validity should be checked by its owner, not by the msgqueue code itself to avoid this situation.
Signed-off-by: Alexandre Courbot <acourbot at nvidia.com>
Reported-by: Julia Lawall <julia.lawall at lip6.fr>
---
 drm/nouveau/nvkm/engine/sec2/base.c | 7 +++++++
 drm/nouveau/nvkm/falcon/msgqueue.c | 5 ++---
 drm/nouveau/nvkm/subdev/pmu/gm20b.c | 6 ++++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/drm/nouveau/nvkm/engine/sec2/base.c b/drm/nouveau/nvkm/engine/sec2/base.c
index 814daf35e21f..f865d2a3e184 100644
--- a/drm/nouveau/nvkm/engine/sec2/base.c
+++ b/drm/nouveau/nvkm/engine/sec2/base.c
@@ -59,6 +59,13 @@ static void
 nvkm_sec2_recv(struct work_struct *work)
 {
 struct nvkm_sec2 *sec2 = container_of(work, typeof(*sec2), work);
+
+ if (!sec2->queue) {
+ nvkm_warn(&sec2->engine.subdev,
+ "recv function called while no firmware set!\n");
+ return;
+ }
+
 nvkm_msgqueue_recv(sec2->queue);
 }
diff --git a/drm/nouveau/nvkm/falcon/msgqueue.c b/drm/nouveau/nvkm/falcon/msgqueue.c
index 18111d66d3d4..07e752603bae 100644
--- a/drm/nouveau/nvkm/falcon/msgqueue.c
+++ b/drm/nouveau/nvkm/falcon/msgqueue.c
@@ -511,11 +511,10 @@ nvkm_msgqueue_del(struct nvkm_msgqueue **queue)
 void
 nvkm_msgqueue_recv(struct nvkm_msgqueue *queue)
 {
- if (!queue || !queue->func || !queue->func->recv) {
+ if (!queue->func || !queue->func->recv) {
 const struct nvkm_subdev *subdev = queue->falcon->owner;
- nvkm_warn(subdev,
- "cmdqueue recv function called while no firmware set!\n");
+ nvkm_warn(subdev, "missing msgqueue recv function\n");
 return;
 }
diff --git a/drm/nouveau/nvkm/subdev/pmu/gm20b.c b/drm/nouveau/nvkm/subdev/pmu/gm20b.c
index 48ae02d45656..44bef22bce52 100644
--- a/drm/nouveau/nvkm/subdev/pmu/gm20b.c
+++ b/drm/nouveau/nvkm/subdev/pmu/gm20b.c
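Review bot: In nvkm_sec2_recv the new guard reads `sec2->queue` once for the NULL test and again as the argument to `nvkm_msgqueue_recv()`, so the check only holds if nothing can clear or free the queue while this work item is running. The msgqueue.c hunk header shows `nvkm_msgqueue_del(struct nvkm_msgqueue **queue)`, which suggests teardown writes through the owner's pointer; whether the work is flushed before that happens is not visible in this diff. If that ordering is guaranteed, a comment above the check should say so, e.g. `/* queue is only destroyed after this work has been flushed */`; if it is not, the guard is a check-then-use race rather than a fix. The same applies to the identical guard added to gm20b_pmu_recv in gm20b.c.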
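Review bot: nvkm_msgqueue_recv now dereferences `queue` unconditionally (`queue->func`, and `queue->falcon->owner` on the warning path), but nothing at the definition states that a NULL queue is the caller's responsibility. The two owners touched by this patch check first; any other caller is not visible here and would oops instead of warning. A comment above the function would record the contract, for example `/* @queue must be non-NULL: owners check their queue pointer before calling */`. The function body continues past the end of the hunk.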
@@ -27,6 +27,12 @@
 static void
 gm20b_pmu_recv(struct nvkm_pmu *pmu)
 {
+ if (!pmu->queue) {
+ nvkm_warn(&pmu->subdev,
+ "recv function called while no firmware set!\n");
+ return;
+ }
+
 nvkm_msgqueue_recv(pmu->queue);
 }
--
2.12.0