Re: [PATCH] drm/msm/dpu: Add callback function pointer check before its call

From: Aleksandr Mishin
Date: Wed Apr 10 2024 - 07:53:09 EST




On 08.04.2024 19:51, Abhinav Kumar wrote:


On 4/8/2024 1:55 AM, Aleksandr Mishin wrote:
In dpu_core_irq_callback_handler() callback function pointer is compared to NULL,
but then callback function is unconditionally called by this pointer.
Fix this bug by adding conditional return.

Found by Linux Verification Center (linuxtesting.org) with SVACE.


Yes , as dmitry wrote, this should be Reported-by.


It is an established practice for our project, you can find 700+ applied
patches with similar line:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org

But rest LGTM.

Fixes: c929ac60b3ed ("drm/msm/dpu: allow just single IRQ callback")
Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx>
---
  drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
index 946dd0135dff..03a16fbd4c99 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c
@@ -223,9 +223,11 @@ static void dpu_core_irq_callback_handler(struct dpu_kms *dpu_kms, unsigned int
      VERB("IRQ=[%d, %d]\n", DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
-    if (!irq_entry->cb)
+    if (!irq_entry->cb) {
          DRM_ERROR("no registered cb, IRQ=[%d, %d]\n",
                DPU_IRQ_REG(irq_idx), DPU_IRQ_BIT(irq_idx));
+        return;
+    }
      atomic_inc(&irq_entry->count);

--
Kind regards
Aleksandr