On 22/01/2024 16:34, Boris Brezillon wrote:
> On Mon, 18 Dec 2023 21:25:16 +0000
> Chris Diamand <chris.diamand@xxxxxxxxxxxx> wrote:
>
>>> +void panthor_fw_unplug(struct panthor_device *ptdev)
>>> +{
>>> + struct panthor_fw_section *section;
>>> +
>>> + cancel_delayed_work_sync(&ptdev->fw->watchdog.ping_work);
>>> +
>>> + /* Make sure the IRQ handler can be called after that
>>> point. */
>>> + if (ptdev->fw->irq.irq)
>>> + panthor_job_irq_suspend(&ptdev->fw->irq);
>>> +
>>> + panthor_fw_stop(ptdev);
>>> +
>>> + if (ptdev->fw->vm)
>>> + panthor_vm_idle(ptdev->fw->vm);
>>> +
>>> + list_for_each_entry(section, &ptdev->fw->sections, node)
>>> + panthor_kernel_bo_destroy(panthor_fw_vm(ptdev),
>>> section->mem);
>>
>> Here's where we destroy the potentially invalid section->mem.
>>
>> Note that the issues are twofold:
>> Firstly, section->mem could be an error pointer as mentioned earlier.
>> Secondly, panthor_kernel_bo_destroy() doesn't actually check for
>> error values or even NULL.
>>
>> It would probably be worth adding NULL checks to
>> panthor_kernel_bo_destroy() and panthor_kernel_bo_vunmap() to protect
>> against this.
>
> I ended up implementing your suggestion, because it simplifies all
> call-sites in panthor_sched.c too. The new version defer the
> IS_ERR_OR_NULL() check to panthor_kernel_bo_destroy().
Sounds good to me - thanks!
