Re: [PATCH] drm/vc4: fix dereference before NULL check

From: Boris Brezillon
Date: Tue Jun 28 2022 - 02:55:44 EST


On Tue, 28 Jun 2022 14:36:57 +0800
Yu Liao <liaoyu15@xxxxxxxxxx> wrote:

> The "perfmon" pointer is equal to the return value of idr_find
> which may be NULL, access by vc4_perfmon_get before checking if
> it was NULL. Fix this by dereferencing "perfmon" after "perfmon"
> has been null checked.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace")
> Signed-off-by: Yu Liao <liaoyu15@xxxxxxxxxx>

Reviewed-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>

> ---
> drivers/gpu/drm/vc4/vc4_perfmon.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
> index c7f5adb6bcf8..ca969b8c7dde 100644
> --- a/drivers/gpu/drm/vc4/vc4_perfmon.c
> +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
> @@ -17,13 +17,17 @@
>
> void vc4_perfmon_get(struct vc4_perfmon *perfmon)
> {
> - struct vc4_dev *vc4 = perfmon->dev;
> + struct vc4_dev *vc4;
> +
> + if (!perfmon)
> + return;
> +
> + vc4 = perfmon->dev;
>
> if (WARN_ON_ONCE(vc4->is_vc5))
> return;
>
> - if (perfmon)
> - refcount_inc(&perfmon->refcnt);
> + refcount_inc(&perfmon->refcnt);
> }
>
> void vc4_perfmon_put(struct vc4_perfmon *perfmon)