On Tue, Nov 18, 2025 at 5:57 AM Akhil P Oommen <[email protected]> wrote: > > On 11/17/2025 6:55 PM, Alok Tiwari wrote: > > Currently, a6xx_show() dereferences state before checking whether it is > > NULL or an error pointer.This can lead to invalid memory access if state > > is invalid. > > > > Move the IS_ERR_OR_NULL(state) check to the top of the function before > > any use of state. > > > > Fixes: 1707add81551 ("drm/msm/a6xx: Add a6xx gpu state") > > Signed-off-by: Alok Tiwari <[email protected]> > > --- > > drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > > b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > > index 4c7f3c642f6a..e408e1d84ade 100644 > > --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > > +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c > > @@ -1976,14 +1976,14 @@ static void a6xx_show_debugbus(struct > > a6xx_gpu_state *a6xx_state, > > void a6xx_show(struct msm_gpu *gpu, struct msm_gpu_state *state, > > struct drm_printer *p) > > { > > + if (IS_ERR_OR_NULL(state)) > > + return; > > + > > struct adreno_gpu *adreno_gpu = to_adreno_gpu(gpu); > > struct a6xx_gpu_state *a6xx_state = container_of(state, > > struct a6xx_gpu_state, base); > > Are you saying that this container_of does a dereference? > I don't think so.
it shouldn't.. but also there is no code path that reaches here with a IS_ERR_OR_NULL(state), AFAICT BR, -R > -Akhil. > > > int i; > > > > - if (IS_ERR_OR_NULL(state)) > > - return; > > - > > drm_printf(p, "gpu-initialized: %d\n", a6xx_state->gpu_initialized); > > > > adreno_show(gpu, state, p); >
