The pci_get_domain_bus_and_slot() function can return NULL
if the requested PCI device is not found. The
nForceUpdateArbitrationSettings() and nv10GetConfig() functions
do not check for this, which can lead to a NULL pointer dereference
when the returned pointer is passed to pci_read_config_dword().
Add NULL checks immediately after the calls to
pci_get_domain_bus_and_slot() in both functions.
Fixes: e22810808354 ("video: fbdev: riva: deprecate pci_get_bus_and_slot()")
Signed-off-by: Haotian Zhang <[email protected]>
---
drivers/video/fbdev/riva/riva_hw.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/video/fbdev/riva/riva_hw.c
b/drivers/video/fbdev/riva/riva_hw.c
index 8b829b720064..5b2f2d57c101 100644
--- a/drivers/video/fbdev/riva/riva_hw.c
+++ b/drivers/video/fbdev/riva/riva_hw.c
@@ -1100,6 +1100,10 @@ static void nForceUpdateArbitrationSettings
int domain = pci_domain_nr(pdev->bus);
dev = pci_get_domain_bus_and_slot(domain, 0, 3);
+ if (!dev) {
+ WARN_ON(1);
+ return;
+ }
pci_read_config_dword(dev, 0x6C, &uMClkPostDiv);
pci_dev_put(dev);
uMClkPostDiv = (uMClkPostDiv >> 8) & 0xf;
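Review bot: `WARN_ON(1)` in the new `if (!dev)` branch reports a missing device at slot 0:3 as if it were a kernel bug, and on a system booted with `panic_on_warn` it turns a failed lookup into a panic. An absent bridge function looks like a platform or topology condition rather than a broken invariant, so a plain log line fits better, e.g. `dev_warn(&pdev->dev, "nForce memory controller not found\n");` followed by `return;` (`pdev` is in scope, per the `pci_domain_nr(pdev->bus)` line above). If a backtrace is really wanted, the idiomatic form is `if (WARN_ON_ONCE(!dev)) return;`. The same pattern repeats in the second nForceUpdateArbitrationSettings() hunk and in both branches of the nv10GetConfig() hunk; the function body continues outside this hunk.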
@@ -1115,6 +1119,10 @@ static void nForceUpdateArbitrationSettings
sim_data.enable_mp = 0;
dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+ if (!dev) {
+ WARN_ON(1);
+ return;
+ }
pci_read_config_dword(dev, 0x7C, &sim_data.memory_type);
pci_dev_put(dev);
sim_data.memory_type = (sim_data.memory_type >> 12) & 1;
@@ -2085,11 +2093,19 @@ static void nv10GetConfig
*/
if(chipset == NV_CHIP_IGEFORCE2) {
dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+ if (!dev) {
+ WARN_ON(1);
+ return;
+ }
pci_read_config_dword(dev, 0x7C, &amt);
pci_dev_put(dev);
chip->RamAmountKBytes = (((amt >> 6) & 31) + 1) * 1024;
} else if(chipset == NV_CHIP_0x01F0) {
dev = pci_get_domain_bus_and_slot(domain, 0, 1);
+ if (!dev) {
+ WARN_ON(1);
+ return;
+ }
pci_read_config_dword(dev, 0x84, &amt);
pci_dev_put(dev);
chip->RamAmountKBytes = (((amt >> 4) & 127) + 1) * 1024;
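Review bot: Both early returns added to nv10GetConfig() leave `chip->RamAmountKBytes` unassigned and skip whatever configuration follows the hunk, and because the function is `static void` the caller cannot tell that this happened. If later code sizes or maps the framebuffer from that field it would work from a zero or stale value; the rest of the function and its caller are outside this hunk, so that needs checking. Consider changing the function to return an error such as `-ENODEV` for the probe path to propagate, or at least assigning a conservative value with a comment like `/* host bridge function missing: RAM size unknown */`. The returns added in nForceUpdateArbitrationSettings() have the same property for whatever that function computes for its caller.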
--
2.50.1.windows.1