drm/nouveau/secboot: fix NULL pointer dereference

The msgqueue pointer validity should be checked by its owner, not by the
msgqueue code itself to avoid this situation.

Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Dave Airlie <airlied@redhat.com>

drivers/gpu/drm/nouveau/nvkm/engine/sec2/base.c

@@ -59,6 +59,13 @@ static void
 nvkm_sec2_recv(struct work_struct *work)
 {
 	struct nvkm_sec2 *sec2 = container_of(work, typeof(*sec2), work);
+
+	if (!sec2->queue) {
+		nvkm_warn(&sec2->engine.subdev,
+			  "recv function called while no firmware set!\n");
+		return;
+	}
+
 	nvkm_msgqueue_recv(sec2->queue);
 }
 

drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue.c

@@ -510,11 +510,10 @@ nvkm_msgqueue_del(struct nvkm_msgqueue **queue)
 void
 nvkm_msgqueue_recv(struct nvkm_msgqueue *queue)
 {
-	if (!queue || !queue->func || !queue->func->recv) {
+	if (!queue->func || !queue->func->recv) {
 		const struct nvkm_subdev *subdev = queue->falcon->owner;
 
-		nvkm_warn(subdev,
-		      "cmdqueue recv function called while no firmware set!\n");
+		nvkm_warn(subdev, "missing msgqueue recv function\n");
 		return;
 	}
 

drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c

@@ -27,6 +27,12 @@
 static void
 gm20b_pmu_recv(struct nvkm_pmu *pmu)
 {
+	if (!pmu->queue) {
+		nvkm_warn(&pmu->subdev,
+			  "recv function called while no firmware set!\n");
+		return;
+	}
+
 	nvkm_msgqueue_recv(pmu->queue);
 }