| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 May 2017 22:52:18 -0700
From: Christoph Hellwig <hch@...radead.org>
To: jeffy <jeffy.chen@...k-chips.com>
Cc: Sean Paul <seanpaul@...omium.org>, linux-kernel@...r.kernel.org,
tfiga@...omium.org, Mark Yao <mark.yao@...k-chips.com>,
Heiko Stuebner <heiko@...ech.de>,
dri-devel@...ts.freedesktop.org,
linux-rockchip@...ts.infradead.org,
David Airlie <airlied@...ux.ie>,
linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] drm/rockchip: Don't allow zero sized gem buffer
On Fri, May 26, 2017 at 10:30:09AM +0800, jeffy wrote:
> Hi sean,
>
> On 05/25/2017 11:30 PM, Sean Paul wrote:
> > On Tue, May 23, 2017 at 02:39:43PM +0800, Jeffy Chen wrote:
> > > The system would crash when trying to alloc zero sized gem buffer:
> > > [ 6.712435] Unable to handle kernel NULL pointer dereference at virtual address 00000010 <--ZERO_SIZE_PTR
> > > ...
> > > [ 6.757502] PC is at sg_alloc_table_from_pages+0x170/0x1ec
> >
> > It's unfortunate that you didn't include the entire stack trace. From code
> > inspection, it seems like the 0 size comes from the fb_probe path? Is there
> > somewhere in the helpers that you could check the mode is sane so all drivers
> > can benefit?
>
> hmm, sorry, i was testing it on chromeos 4.4 kernel, it turns out that we
> have a custom ioctl for userspace to create gem buffer(the same as exynos
> drm), which might get the the 0 size.
>
> but on upstream kernel, it could only be called by dump_create, and the
> drm_mode_create_dumb_ioctl already did the size check.
>
> will resent this patch, and rewrite the commit message, thanx.
That suggests that this patch isn't needed at all.
Powered by blists - more mailing lists