Emil Velikov
2022-Mar-27 15:59 UTC
[Nouveau] [PATCH] dispnv50: atom: fix an incorrect NULL check on list iterator
On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong <xiam0nd.tong at gmail.com> wrote:> > The bug is here: > return encoder; > > The list iterator value 'encoder' will *always* be set and non-NULL > by drm_for_each_encoder_mask(), so it is incorrect to assume that the > iterator value will be NULL if the list is empty or no element found. > Otherwise it will bypass some NULL checks and lead to invalid memory > access passing the check. > > To fix this bug, just return 'encoder' when found, otherwise return > NULL. >Isn't this covered by the upcoming list* iterator rework [1] or is this another iterator glitch? IMHO we should be looking at fixing the implementation and not the hundreds of users through the kernel. HTH -Emil [1] https://lwn.net/Articles/887097/
Xiaomeng Tong
2022-Mar-28 02:09 UTC
[Nouveau] [PATCH] dispnv50: atom: fix an incorrect NULL check on list iterator
on Sun, 27 Mar 2022 16:59:28 +0100, Emil Velikov wrote:> On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong <xiam0nd.tong at gmail.com> wrote: > > > > The bug is here: > > return encoder; > > > > The list iterator value 'encoder' will *always* be set and non-NULL > > by drm_for_each_encoder_mask(), so it is incorrect to assume that the > > iterator value will be NULL if the list is empty or no element found. > > Otherwise it will bypass some NULL checks and lead to invalid memory > > access passing the check. > > > > To fix this bug, just return 'encoder' when found, otherwise return > > NULL. > > > > Isn't this covered by the upcoming list* iterator rework [1] or is > this another iterator glitch?Actually, it is a part of the upcoming work.> IMHO we should be looking at fixing the implementation and not the > hundreds of users through the kernel. > > HTH > -Emil > [1] https://lwn.net/Articles/887097/Yes, you are right. This has also been taken into account by the upcoming list iterator rework to avoid a lot uesr' changes as much as possible. However, this patch is fixing a potential bug caused by incorrect use of list iterator outside the loop, which can not be fixed by the implementation itself. -- Xiaomeng Tong
Emil Velikov
2022-Mar-29 10:59 UTC
[Nouveau] [PATCH] dispnv50: atom: fix an incorrect NULL check on list iterator
On Mon, 28 Mar 2022 at 03:09, Xiaomeng Tong <xiam0nd.tong at gmail.com> wrote:> > on Sun, 27 Mar 2022 16:59:28 +0100, Emil Velikov wrote: > > On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong <xiam0nd.tong at gmail.com> wrote: > > > > > > The bug is here: > > > return encoder; > > > > > > The list iterator value 'encoder' will *always* be set and non-NULL > > > by drm_for_each_encoder_mask(), so it is incorrect to assume that the > > > iterator value will be NULL if the list is empty or no element found. > > > Otherwise it will bypass some NULL checks and lead to invalid memory > > > access passing the check. > > > > > > To fix this bug, just return 'encoder' when found, otherwise return > > > NULL. > > > > > > > Isn't this covered by the upcoming list* iterator rework [1] or is > > this another iterator glitch? > > Actually, it is a part of the upcoming work. > > > IMHO we should be looking at fixing the implementation and not the > > hundreds of users through the kernel. > > > > HTH > > -Emil > > [1] https://lwn.net/Articles/887097/ > > Yes, you are right. This has also been taken into account by the upcoming > list iterator rework to avoid a lot uesr' changes as much as possible. > > However, this patch is fixing a potential bug caused by incorrect use of > list iterator outside the loop, which can not be fixed by the implementation > itself. >I see, thanks for the information o/ -Emil