On 11/17/25 2:25 PM, Alok Tiwari wrote:
> Currently, a6xx_show() dereferences state before checking whether it is
> NULL or an error pointer. This can lead to invalid memory access if state
> is invalid.
>
> Move the IS_ERR_OR_NULL(state) check to the top of the function before
> any use of state.
>
> Fixes: 1707add81551 ("drm/msm/a6xx: Add a6xx gpu state")
> Signed-off-by: Alok Tiwari <[email protected]>
> ---
container_of doesn't do any dereferencing of the pointer, it only does
ptr arithmetic which is "fine" with a random/null value
Konrad
> drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c
> b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c
> index 4c7f3c642f6a..e408e1d84ade 100644
> --- a/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c
> +++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c
> @@ -1976,14 +1976,14 @@ static void a6xx_show_debugbus(struct a6xx_gpu_state
> *a6xx_state,
> void a6xx_show(struct msm_gpu *gpu, struct msm_gpu_state *state,
> struct drm_printer *p)
> {
> + if (IS_ERR_OR_NULL(state))
> + return;
> +
> struct adreno_gpu *adreno_gpu = to_adreno_gpu(gpu);
> struct a6xx_gpu_state *a6xx_state = container_of(state,
> struct a6xx_gpu_state, base);
> int i;
>
> - if (IS_ERR_OR_NULL(state))
> - return;
> -
> drm_printf(p, "gpu-initialized: %d\n", a6xx_state->gpu_initialized);
>
> adreno_show(gpu, state, p);
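
Review bot: the relocated `if (IS_ERR_OR_NULL(state)) return;` now sits above the declarations of adreno_gpu, a6xx_state and i, so the function opens with a statement followed by declarations, and the visible lines show no dereference that the move prevents. Before the original check, state appears only as the argument of container_of() in the a6xx_state initializer, and the first dereference shown, a6xx_state->gpu_initialized in the drm_printf() call, already comes after the check. If the aim is to avoid computing a6xx_state from an invalid state, keep the declarations at the top, declare a6xx_state without an initializer, and assign it with container_of() after the check; otherwise the Fixes: tag and the "invalid memory access" wording in the commit message need an actual dereference to point to.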