Fix potential NULL pointer dereference in ga100_fifo_nonstall_allow()
and ga100_fifo_nonstall_block() when nvkm_runl_get() returns NULL.
Fix CVE-476 as reported by coverity tool (CID: 1660771)
Fixes: 55e1a5996085 ("drm/nouveau/fifo/ga100-: add per-runlist nonstall intr
handling")
Addresses-Coverity-ID: 1660771
Signed-off-by: Akhilesh Patil <akhil...@ee.iitb.ac.in>
---
drivers/gpu/drm/nouveau/nvkm/engine/fifo/ga100.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/fifo/ga100.c
b/drivers/gpu/drm/nouveau/nvkm/engine/fifo/ga100.c
index e74493a4569e..a441fb602f28 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/fifo/ga100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/fifo/ga100.c
@@ -520,7 +520,9 @@ ga100_fifo_nonstall_block(struct nvkm_event *event, int
type, int index)
struct nvkm_fifo *fifo = container_of(event, typeof(*fifo),
nonstall.event);
struct nvkm_runl *runl = nvkm_runl_get(fifo, index, 0);
- nvkm_inth_block(&runl->nonstall.inth);
+ WARN_ON(!runl);
+ if (runl)
+ nvkm_inth_block(&runl->nonstall.inth);
}
static void
@@ -529,7 +531,9 @@ ga100_fifo_nonstall_allow(struct nvkm_event *event, int
type, int index)
struct nvkm_fifo *fifo = container_of(event, typeof(*fifo),
nonstall.event);
struct nvkm_runl *runl = nvkm_runl_get(fifo, index, 0);
- nvkm_inth_allow(&runl->nonstall.inth);
+ WARN_ON(!runl);
+ if (runl)
+ nvkm_inth_allow(&runl->nonstall.inth);
}
const struct nvkm_event_func
--
2.34.1
