The following patch(s) are bugs found by the static compiler 'Parfait'. Care was taken to make sure false positive results were removed from this patchset.
Parfait Overview ================
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13
v1: Initial release
v2: - Split original v1 patch into 4 separate patches per request from Jani Nikula - Fixed system hang during boot up on test machine.
v3: - Made changes requested by Daniel Vetter.
Joe Moriarty (2): drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/drm_vblank.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-)
The Parfait (version 2.1.0) static code analysis tool found the following NULL pointer derefernce problem.
- drivers/gpu/drm/drm_vblank.c Null pointer checks were added to return values from calls to drm_crtc_from_index(). There is a possibility, however minute, that crtc->index may not be found when trying to find the struct crtc from it's assigned index given in drm_crtc_init_with_planes(). 3 return checks for NULL where added with a call to WARN_ON(!crtc).
Signed-off-by: Joe Moriarty joe.moriarty@oracle.com Reviewed-by: Steven Sistare steven.sistare@oracle.com --- drivers/gpu/drm/drm_vblank.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/drivers/gpu/drm/drm_vblank.c b/drivers/gpu/drm/drm_vblank.c index 32d9bcf5be7f..03b431eb47ae 100644 --- a/drivers/gpu/drm/drm_vblank.c +++ b/drivers/gpu/drm/drm_vblank.c @@ -120,6 +120,9 @@ static u32 __get_vblank_counter(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);
+ if (WARN_ON(!crtc)) + return 0; + if (crtc->funcs->get_vblank_counter) return crtc->funcs->get_vblank_counter(crtc); } @@ -318,6 +321,9 @@ static void __disable_vblank(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);
+ if (WARN_ON(!crtc)) + return; + if (crtc->funcs->disable_vblank) { crtc->funcs->disable_vblank(crtc); return; @@ -918,6 +924,9 @@ static int __enable_vblank(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);
+ if (WARN_ON(!crtc)) + return 0; + if (crtc->funcs->enable_vblank) return crtc->funcs->enable_vblank(crtc); }
The Parfait (version 2.1.0) static code analysis tool found the following NULL pointer dereference problem.
- drivers/gpu/drm/drm_drv.c Any calls to drm_minor_get_slot() could result in the return of a NULL pointer when an invalid DRM device type is encountered. The return of NULL was removed with BUG() from drm_minor_get_slot().
Signed-off-by: Joe Moriarty joe.moriarty@oracle.com Reviewed-by: Steven Sistare steven.sistare@oracle.com --- drivers/gpu/drm/drm_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index 9acc1e157813..a1b9338736e3 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -99,7 +99,7 @@ static struct drm_minor **drm_minor_get_slot(struct drm_device *dev, case DRM_MINOR_CONTROL: return &dev->control; default: - return NULL; + BUG(); } }
On 2/20/2018 2:11 PM, Joe Moriarty wrote:
The following patch(s) are bugs found by the static compiler 'Parfait'. Care was taken to make sure false positive results were removed from this patchset.
Parfait Overview
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13
v1: Initial release
v2:
- Split original v1 patch into 4 separate patches per request
from Jani Nikula
- Fixed system hang during boot up on test machine.
v3:
- Made changes requested by Daniel Vetter.
Joe Moriarty (2): drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/drm_vblank.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-)
Ping, Waiting on review/addition of these 2 patches to drm-misc-next.
Thanks, Joe
On Mon, Mar 05, 2018 at 11:14:11AM -0500, Joe Moriarty wrote:
On 2/20/2018 2:11 PM, Joe Moriarty wrote:
The following patch(s) are bugs found by the static compiler 'Parfait'. Care was taken to make sure false positive results were removed from this patchset.
Parfait Overview
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13
v1: Initial release
v2:
- Split original v1 patch into 4 separate patches per request
from Jani Nikula
- Fixed system hang during boot up on test machine.
v3:
- Made changes requested by Daniel Vetter.
Joe Moriarty (2): drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/drm_vblank.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-)
Ping, Waiting on review/addition of these 2 patches to drm-misc-next.
I was on vacation, and I guess no one else cared. Btw, minor process nit: Including internal review tags is fairly pointless, since generally I have no idea about how it happened (there's no public record), nor do I know the experience level of your reviewer. That makes the r-b tag fairly value-less in this case. If you want to included it's much better to do that review on the m-l, after submission.
Anyway, thanks for respinning, patches merged. -Daniel
dri-devel@lists.freedesktop.org
-
Daniel Vetter -
Joe Moriarty