| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2013 21:06:49 -0600 (CST)
From: Ilija Hadzic <ihadzic@...earch.bell-labs.com>
To: Shuah Khan <shuah.khan@...com>
cc: airlied@...ux.ie, deathsimple@...afone.de, jglisse@...hat.com,
airlied@...hat.com,
"Deucher, Alexander" <alexander.deucher@....com>,
Greg KH <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
dri-devel@...ts.freedesktop.org, shuahkhan@...il.com
Subject: Re: [PATCH] drm/radeon: fix NULL pointer dereference in UMS mode in
radeon_cs_parser_fini()
Actually, the code path affected by your patch is not executed in UMS mode
at all. Notice that radeon_cs_parser_fini is only called from
radeon_cs_ioctl which is a KMS-only ioctl (see radeon_kms.c).
The equivalent of the fix you are trying to do is in
a6b7e1a02b77ab8fe8775d20a88c53d8ba55482e (function patched by that one is
the one used by legacy-CS ioctl), which you should go together
with ff4bd0827764e10a428a9d39e6814c5478863f94 if you are backporting UMS
fixes to 3.7. Both are needed to prevent kernel crashes in UMS mode.
-- Ilija
On Wed, 16 Jan 2013, Shuah Khan wrote:
> Fix parser->rdev NULL pointer dereference in radeon_cs_parser_fini().
> While back-porting drm/radeon: fix NULL pointer dereference in UMS mode
> patch (commit-id: ff4bd0827764e10a428a9d39e6814c5478863f94) to 3,7.y, noticed
> another instance of NULL pointer dereference in radeon_cs_parser_fini()
> function.
>
> Signed-off-by: Shuah Khan <shuah.khan@...com>
> CC: stable@...r.kernel.org 3.7
> ---
> drivers/gpu/drm/radeon/radeon_cs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c
> index 469661f..d1c282c 100644
> --- a/drivers/gpu/drm/radeon/radeon_cs.c
> +++ b/drivers/gpu/drm/radeon/radeon_cs.c
> @@ -329,7 +329,7 @@ static void radeon_cs_parser_fini(struct radeon_cs_parser *parser, int error)
> kfree(parser->relocs_ptr);
> for (i = 0; i < parser->nchunks; i++) {
> kfree(parser->chunks[i].kdata);
> - if ((parser->rdev->flags & RADEON_IS_AGP)) {
> + if (parser->rdev && (parser->rdev->flags & RADEON_IS_AGP)) {
> kfree(parser->chunks[i].kpage[0]);
> kfree(parser->chunks[i].kpage[1]);
> }
> --
> 1.7.9.5
>
>
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@...ts.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists