diff options
| author | Alexandre Courbot <acourbot@nvidia.com> | 2017-03-10 17:16:48 +0900 |
|---|---|---|
| committer | Dave Airlie <airlied@redhat.com> | 2017-03-17 12:06:58 +1000 |
| commit | b7d6c8db498cdbbd0004970d02c86210ce3a6cbc (patch) | |
| tree | cc8af2a8e4763159e66f89518f8ef7f18056467c | |
| parent | aa7fc0ca759eb25eea6dc0fee4373e5883a17498 (diff) | |
| download | linux-b7d6c8db498cdbbd0004970d02c86210ce3a6cbc.tar.bz2 | |
drm/nouveau/secboot: fix NULL pointer dereference
The msgqueue pointer validity should be checked by its owner, not by the
msgqueue code itself to avoid this situation.
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Dave Airlie <airlied@redhat.com>
| -rw-r--r-- | drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c | 7 | ||||
| -rw-r--r-- | drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c | 5 | ||||
| -rw-r--r-- | drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c | 6 |
3 files changed, 15 insertions, 3 deletions
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c b/drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c index 814daf35e21f..f865d2a3e184 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c @@ -59,6 +59,13 @@ static void nvkm_sec2_recv(struct work_struct *work) { struct nvkm_sec2 *sec2 = container_of(work, typeof(*sec2), work); + + if (!sec2->queue) { + nvkm_warn(&sec2->engine.subdev, + "recv function called while no firmware set!\n"); + return; + } + nvkm_msgqueue_recv(sec2->queue); } diff --git a/drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c b/drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c index a063fb823117..982efedb4b13 100644 --- a/drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c +++ b/drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c @@ -510,11 +510,10 @@ nvkm_msgqueue_del(struct nvkm_msgqueue **queue) void nvkm_msgqueue_recv(struct nvkm_msgqueue *queue) { - if (!queue || !queue->func || !queue->func->recv) { + if (!queue->func || !queue->func->recv) { const struct nvkm_subdev *subdev = queue->falcon->owner; - nvkm_warn(subdev, - "cmdqueue recv function called while no firmware set!\n"); + nvkm_warn(subdev, "missing msgqueue recv function\n"); return; } diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c index 48ae02d45656..44bef22bce52 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c @@ -27,6 +27,12 @@ static void gm20b_pmu_recv(struct nvkm_pmu *pmu) { + if (!pmu->queue) { + nvkm_warn(&pmu->subdev, + "recv function called while no firmware set!\n"); + return; + } + nvkm_msgqueue_recv(pmu->queue); } |