Hi Danilo,

Thank you for the feedback. You're right.

After tracing through the call chain:
nvkm_gsp_rm_alloc_get()
    └─> r535_gsp_rpc_rm_alloc_get()
        └─> r535_gsp_rpc_get()
            └─> r535_gsp_cmdq_get()
                └─> kvzalloc()

r535_gsp_cmdq_get() returns ERR_PTR(-ENOMEM) on allocation failure, not NULL. So NULL is never actually returned.

I found a similar issue in sunrpc where IS_ERR_OR_NULL() is actively harmful - PTR_ERR(NULL) would return 0 (EOF), masking real errors. This confirms the pattern you identified.

Should I submit a patch to clean up the IS_ERR_OR_NULL() checks in:
- nvkm_gsp_rm_alloc_get() / nvkm_gsp_rm_alloc()
- nvkm_gsp_rpc_rd()
- All the callers

Or would you prefer to handle this differently?

Regards,
Hongling


On 2026-05-26 21:16, Danilo Krummrich wrote:
> On Tue May 26, 2026 at 3:47 AM CEST, Hongling Zeng wrote:
>> nvkm_gsp_rm_alloc_get() can return NULL as well as error pointers.
>> The current code only checks for error pointers with IS_ERR(), which
>> would lead to a NULL pointer dereference if NULL is returned.
>>
>> Fix by using IS_ERR_OR_NULL() instead of IS_ERR(), matching the
>> pattern used in nvkm_gsp_rm_alloc().
>
> There was a similar patch [1] a while ago for another callsite. I replied:
>
>         Are we sure that this can ever return NULL in the first place? I know
>         that nvkm_gsp_rm_alloc_get() internally checks for IS_ERR_OR_NULL(), but
>         I couldn't find anything within the callchain that would actually return
>         NULL.
>
>         That said, I think IS_ERR_OR_NULL() checks are misleading.
>
> Is there a real case where NULL can be returned? If not, let's remove the
> IS_ERR_OR_NULL() throughout the whole chain instead.
>
> [1] https://lore.kernel.org/lkml/[email protected]/

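The error-masking effect discussed in this thread, as an added userspace example that is not code from nouveau, sunrpc, or either participant. The helpers are simplified models of the kernel's `<linux/err.h>` macros, and `demo_get()`, `caller_is_err()` and `caller_is_err_or_null()` are hypothetical names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified userspace models of the kernel's <linux/err.h> helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline bool IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}
static inline bool IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

/* Hypothetical getter with the ERR_PTR-only contract described in the
 * thread: failure is ERR_PTR(-ENOMEM), never NULL. */
static void *demo_get(size_t size, bool fail)
{
	void *p = fail ? NULL : calloc(1, size);
	return p ? p : ERR_PTR(-ENOMEM);
}

/* Caller matching the contract: every failure yields a negative errno. */
static int caller_is_err(void *obj)
{
	return IS_ERR(obj) ? (int)PTR_ERR(obj) : 0;
}

/* Caller using IS_ERR_OR_NULL(): NULL takes the error branch, but
 * PTR_ERR(NULL) is 0, so the function reports success to its caller. */
static int caller_is_err_or_null(void *obj)
{
	return IS_ERR_OR_NULL(obj) ? (int)PTR_ERR(obj) : 0;
}

int main(void)
{
	printf("ERR_PTR path:          %d\n", caller_is_err(demo_get(16, true)));
	printf("NULL via _OR_NULL path: %d\n", caller_is_err_or_null(NULL));
	return 0;
}
```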