lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKMK7uHRsk79BzmgnQ23EaKwgMBcXmAYMLT8rqt-ebdJ36EW8g@mail.gmail.com>
Date:   Fri, 26 May 2017 08:50:49 +0200
From:   Daniel Vetter <daniel@...ll.ch>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     jeffy <jeffy.chen@...k-chips.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        Tomasz Figa <tfiga@...omium.org>,
        "open list:ARM/Rockchip SoC..." <linux-rockchip@...ts.infradead.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] drm/rockchip: Don't allow zero sized gem buffer

On Fri, May 26, 2017 at 7:52 AM, Christoph Hellwig <hch@...radead.org> wrote:
> On Fri, May 26, 2017 at 10:30:09AM +0800, jeffy wrote:
>> Hi sean,
>>
>> On 05/25/2017 11:30 PM, Sean Paul wrote:
>> > On Tue, May 23, 2017 at 02:39:43PM +0800, Jeffy Chen wrote:
>> > > The system would crash when trying to alloc zero sized gem buffer:
>> > > [    6.712435] Unable to handle kernel NULL pointer dereference at virtual address 00000010 <--ZERO_SIZE_PTR
>> > > ...
>> > > [    6.757502] PC is at sg_alloc_table_from_pages+0x170/0x1ec
>> >
>> > It's unfortunate that you didn't include the entire stack trace. From code
>> > inspection, it seems like the 0 size comes from the fb_probe path? Is there
>> > somewhere in the helpers that you could check the mode is sane so all drivers
>> > can benefit?
>>
>> hmm, sorry, i was testing it on chromeos 4.4 kernel, it turns out that we
>> have a custom ioctl for userspace to create gem buffer(the same as exynos
>> drm), which might get the the 0 size.
>>
>> but on upstream kernel, it could only be called by dump_create, and the
>> drm_mode_create_dumb_ioctl already did the size check.
>>
>> will resent this patch, and rewrite the commit message, thanx.
>
> That suggests that this patch isn't needed at all.

Yes, not needed for upstream. But next time around pls include the
entire backtrace (or at least the relevant parts), not just the last
line, so that we can figure this out directly.

Thanks, Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ