author | Cyril Bur <cyril.bur@au1.ibm.com> | 2018-03-19 15:54:13 +1100 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2018-03-27 14:51:38 +1100 |
commit | f4f88196aec7a4c30e190bfbfe768cfc7e69aee6 (patch) | |
tree | 6fcd551f39f27a31001a0ba00aa98ab5222d3fc0 /hw | |
parent | 5630c819b3cbf37997d8b4033d142adf9c7703f5 (diff) | |
npu2: Fix possible NULL dereference
The following pattern exists in several npu2 functions:
struct phb *phb = pci_get_phb(phb_id);
struct npu2 *p = phb_to_npu2_nvlink(phb);
The problem is that pci_get_phb() can return NULL and
phb_to_npu2_nvlink() dereferences its parameter. Coverity says that the
return value of pci_get_phb() is checked 43 out of 46 times which
suggests we should be more careful.
Furthermore, functions with the badly placed call to
phb_to_npu2_nvlink() do seem to check that the return value of
pci_get_phb() isn't NULL, but this check would be too little too late.
This patch just moves the call of phb_to_npu2_nvlink() to after the
NULL check for the return value of pci_get_phb().
Affected functions are:
opal_npu_map_lpar()
opal_npu_init_context()
opal_npu_destroy_context()
Fixes: CID 264274, 264273, 264272, 264271, 264266, 264265
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/npu2.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1954,7 +1954,7 @@ static int64_t opal_npu_init_context(uint64_t phb_id, int pasid __unused,
 uint64_t msr, uint64_t bdf)
 {
 struct phb *phb = pci_get_phb(phb_id);
- struct npu2 *p = phb_to_npu2_nvlink(phb);
+ struct npu2 *p;
 uint64_t xts_bdf, old_xts_bdf_pid, xts_bdf_pid;
 int id;
@@ -1971,6 +1971,7 @@ static int64_t opal_npu_init_context(uint64_t phb_id, int pasid __unused,
 /*
 * Need to get LPARSHORT.
 */
+ p = phb_to_npu2_nvlink(phb);
 lock(&p->lock);
 xts_bdf = SETFIELD(NPU2_XTS_BDF_MAP_BDF, 0ul, bdf);
 if (npu_table_search(p, NPU2_XTS_BDF_MAP, 8, NPU2_XTS_BDF_MAP_SIZE,
@@ -2032,13 +2033,14 @@ static int opal_npu_destroy_context(uint64_t phb_id, uint64_t pid __unused,
 uint64_t bdf)
 {
 struct phb *phb = pci_get_phb(phb_id);
- struct npu2 *p = phb_to_npu2_nvlink(phb);
+ struct npu2 *p;
 uint64_t xts_bdf;
 int rc = 0;
 if (!phb || phb->phb_type != phb_type_npu_v2)
 return OPAL_PARAMETER;
+ p = phb_to_npu2_nvlink(phb);
 lock(&p->lock);
 /* Need to find lparshort for this bdf */
@@ -2066,7 +2068,7 @@ static int opal_npu_map_lpar(uint64_t phb_id, uint64_t bdf, uint64_t lparid,
 uint64_t lpcr)
 {
 struct phb *phb = pci_get_phb(phb_id);
- struct npu2 *p = phb_to_npu2_nvlink(phb);
+ struct npu2 *p;
 struct npu2_dev *ndev = NULL;
 uint64_t xts_bdf_lpar, rc = OPAL_SUCCESS;
 int i;
@@ -2081,6 +2083,7 @@ static int opal_npu_map_lpar(uint64_t phb_id, uint64_t bdf, uint64_t lparid,
 * future. */
 return OPAL_UNSUPPORTED;
+ p = phb_to_npu2_nvlink(phb);
 lock(&p->lock);
 /* Find any existing entries and update them */ |
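Review bot: Nothing at the relocated `p = phb_to_npu2_nvlink(phb);` in opal_npu_init_context() records that it must stay below the `phb` check, so a later tidy-up could fold it back into the declarations and reintroduce the NULL dereference; the same holds for the matching lines in opal_npu_destroy_context() and opal_npu_map_lpar(). I would add a short comment at each site, for example `/* phb validated above; phb_to_npu2_nvlink() dereferences it */`. The guard for this function lies outside the hunk, so I am assuming it matches the `if (!phb || phb->phb_type != phb_type_npu_v2)` test visible in opal_npu_destroy_context().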
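Review bot: The lookup, the `!phb || phb->phb_type != phb_type_npu_v2` test and the conversion in opal_npu_destroy_context() are now three separate steps whose order matters, and the commit message says the same sequence is repeated in opal_npu_init_context() and opal_npu_map_lpar(). Since `phb_id` is supplied by the caller of the OPAL entry point, it would be more robust to do all three in one small helper that returns NULL for an unknown or non-NPU2 id, so that no caller can convert before checking. The helper name below is only a suggestion, and this assumes `phb` is not needed for anything else in these functions, which the hunks do not show.

```c
/* Proposed helper (name is a suggestion): NULL unless phb_id names an NPU2 PHB. */
static struct npu2 *npu2_from_phb_id(uint64_t phb_id)
{
	struct phb *phb = pci_get_phb(phb_id);

	if (!phb || phb->phb_type != phb_type_npu_v2)
		return NULL;

	return phb_to_npu2_nvlink(phb);
}

/* in opal_npu_destroy_context(): */
	struct npu2 *p = npu2_from_phb_id(phb_id);
	/* … unchanged: xts_bdf and rc declarations … */

	if (!p)
		return OPAL_PARAMETER;

	lock(&p->lock);
```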