lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1557256691-25798-3-git-send-email-jcrouse@codeaurora.org>
Date:   Tue,  7 May 2019 13:18:10 -0600
From:   Jordan Crouse <jcrouse@...eaurora.org>
To:     freedreno@...ts.freedesktop.org
Cc:     linux-arm-msm@...r.kernel.org, Sean Paul <sean@...rly.run>,
        Bruce Wang <bzwang@...omium.org>, linux-kernel@...r.kernel.org,
        dri-devel@...ts.freedesktop.org,
        Jeykumar Sankaran <jsanka@...eaurora.org>,
        Rob Clark <robdclark@...il.com>,
        David Airlie <airlied@...ux.ie>,
        Sravanthi Kollukuduru <skolluku@...eaurora.org>,
        Daniel Vetter <daniel@...ll.ch>
Subject: [PATCH 2/3] drm/msm/dpu: Avoid a null de-ref while recovering from kms init fail

In the failure path for dpu_kms_init() it is possible to get to the MMU
destroy function with uninitialized MMU structs. Check for NULl and skip
if needed.

Signed-off-by: Jordan Crouse <jcrouse@...eaurora.org>
---

 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 885bf88..1beaf29 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -56,7 +56,7 @@ static const char * const iommu_ports[] = {
 #define DPU_DEBUGFS_HWMASKNAME "hw_log_mask"
 
 static int dpu_kms_hw_init(struct msm_kms *kms);
-static int _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms);
+static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms);
 
 static unsigned long dpu_iomap_size(struct platform_device *pdev,
 				    const char *name)
@@ -725,17 +725,20 @@ static const struct msm_kms_funcs kms_funcs = {
 #endif
 };
 
-static int _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms)
+static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms)
 {
 	struct msm_mmu *mmu;
 
+	if (!dpu_kms->base.aspace)
+		return;
+
 	mmu = dpu_kms->base.aspace->mmu;
 
 	mmu->funcs->detach(mmu, (const char **)iommu_ports,
 			ARRAY_SIZE(iommu_ports));
 	msm_gem_address_space_put(dpu_kms->base.aspace);
 
-	return 0;
+	dpu_kms->base.aspace = NULL;
 }
 
 static int _dpu_kms_mmu_init(struct dpu_kms *dpu_kms)
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ