Dan Carpenter
2023-Nov-08 07:40 UTC
[Nouveau] [PATCH] nouveau/gsp/r535: Fix a NULL vs error pointer bug
The r535_gsp_cmdq_get() function returns error pointers but this code
checks for NULL. Also we need to propagate the error pointer back to
the callers in r535_gsp_rpc_get(). Returning NULL will lead to a NULL
pointer dereference.
Fixes: 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting
GSP-RM")
Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
---
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c
b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c
index e31f9641114b..f8409e2f9fef 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c
@@ -689,8 +689,8 @@ r535_gsp_rpc_get(struct nvkm_gsp *gsp, u32 fn, u32 argc)
struct nvfw_gsp_rpc *rpc;
rpc = r535_gsp_cmdq_get(gsp, ALIGN(sizeof(*rpc) + argc, sizeof(u64)));
- if (!rpc)
- return NULL;
+ if (IS_ERR(rpc))
+ return ERR_CAST(rpc);
rpc->header_version = 0x03000000;
rpc->signature = ('C' << 24) | ('P' << 16) |
('R' << 8) | 'V';
--
2.39.2
Danilo Krummrich
2023-Nov-14 21:38 UTC
[Nouveau] [PATCH] nouveau/gsp/r535: Fix a NULL vs error pointer bug
On 11/8/23 08:40, Dan Carpenter wrote:> The r535_gsp_cmdq_get() function returns error pointers but this code > checks for NULL. Also we need to propagate the error pointer back to > the callers in r535_gsp_rpc_get(). Returning NULL will lead to a NULL > pointer dereference. > > Fixes: 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting GSP-RM") > Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>Reviewed-by: Danilo Krummrich <dakr at redhat.com>> --- > drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c > index e31f9641114b..f8409e2f9fef 100644 > --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c > +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c > @@ -689,8 +689,8 @@ r535_gsp_rpc_get(struct nvkm_gsp *gsp, u32 fn, u32 argc) > struct nvfw_gsp_rpc *rpc; > > rpc = r535_gsp_cmdq_get(gsp, ALIGN(sizeof(*rpc) + argc, sizeof(u64))); > - if (!rpc) > - return NULL; > + if (IS_ERR(rpc)) > + return ERR_CAST(rpc); > > rpc->header_version = 0x03000000; > rpc->signature = ('C' << 24) | ('P' << 16) | ('R' << 8) | 'V';
Maybe Matching Threads
- [bug report] drm/nouveau/gsp/r535: add support for booting GSP-RM
- [PATCH v3 02/15] nvkm: rename "repc" to "gsp_rpc_len" on the GSP message recv path
- [bug report] drm/nouveau/gsp/r535: add support for booting GSP-RM
- [bug report] drm/nouveau/gsp/r535: add support for booting GSP-RM
- [PATCH v3 01/15] nvkm: add a kernel doc to introduce the GSP RPC