lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Dec 2019 08:45:07 +0200
From:   Stefan Mavrodiev <stefan@...mex.com>
To:     Maxime Ripard <mripard@...nel.org>
Cc:     Stefan Mavrodiev <stefan@...mex.com>, Chen-Yu Tsai <wens@...e.org>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        "open list:DRM DRIVERS FOR ALLWINNER A10" 
        <dri-devel@...ts.freedesktop.org>,
        "moderated list:ARM/Allwinner sunXi SoC support" 
        <linux-arm-kernel@...ts.infradead.org>,
        open list <linux-kernel@...r.kernel.org>,
        linux-sunxi@...glegroups.com
Subject: Re: [PATCH 1/1] drm/sun4i: hdmi: Check for null pointer before
 cleanup

Hi,

On 12/16/19 6:12 PM, Maxime Ripard wrote:
> Hi,
>
> On Mon, Dec 16, 2019 at 04:43:48PM +0200, Stefan Mavrodiev wrote:
>> It's possible hdmi->connector and hdmi->encoder divices to be NULL.
>> This can happen when building as kernel module and you try to remove
>> the module.
>>
>> This patch make simple null check, before calling the cleanup functions.
>>
>> Signed-off-by: Stefan Mavrodiev <stefan@...mex.com>
>> ---
>>   drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c b/drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c
>> index a7c4654445c7..b61e00f2ecb8 100644
>> --- a/drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c
>> +++ b/drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c
>> @@ -685,8 +685,10 @@ static void sun4i_hdmi_unbind(struct device *dev, struct device *master,
>>   	struct sun4i_hdmi *hdmi = dev_get_drvdata(dev);
>>
>>   	cec_unregister_adapter(hdmi->cec_adap);
>> -	drm_connector_cleanup(&hdmi->connector);
>> -	drm_encoder_cleanup(&hdmi->encoder);
>> +	if (hdmi->connector.dev)
>> +		drm_connector_cleanup(&hdmi->connector);
>> +	if (hdmi->encoder.dev)
>> +		drm_encoder_cleanup(&hdmi->encoder);
> Hmmm, this doesn't look right. Do you have more information on how you
> can reproduce it?

Just build sun4i_drm_hdmi as module (CONFIG_DRM_SUN4I_HDMI=m). Then try 
to unload the module:

# rmmod sun4i_drm_hdmi

And you get this:

Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = 6b032436
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in: sun4i_drm_hdmi(-)
CPU: 0 PID: 1081 Comm: rmmod Not tainted 5.5.0-rc1-00030-g6ec417030d93 #33
Hardware name: Allwinner sun7i (A20) Family
PC is at drm_connector_cleanup+0x40/0x208
LR is at sun4i_hdmi_unbind+0x10/0x54 [sun4i_drm_hdmi]
...


I've tested that with sunxi/for-next branch on A20-OLinuXino board.

Best regards,
Stefan

>
> Maxime

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ