lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87o74d45gj.fsf@intel.com>
Date: Tue, 24 Sep 2024 15:11:08 +0300
From: Jani Nikula <jani.nikula@...ux.intel.com>
To: George Rurikov <g.ryurikov@...uritycode.ru>
Cc: George Rurikov <g.ryurikov@...uritycode.ru>, Rodrigo Vivi
 <rodrigo.vivi@...el.com>, Joonas Lahtinen
 <joonas.lahtinen@...ux.intel.com>, Tvrtko Ursulin <tursulin@...ulin.net>,
 David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
 intel-gfx@...ts.freedesktop.org, intel-xe@...ts.freedesktop.org,
 dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org
Subject: Re: [PATCH] drm: Add check for encoder in intel_get_crtc_new_encoder()

On Tue, 24 Sep 2024, Jani Nikula <jani.nikula@...ux.intel.com> wrote:
> On Tue, 24 Sep 2024, George Rurikov <g.ryurikov@...uritycode.ru> wrote:
>> If the video card driver could not find the connector assigned to the
>> current video controller, or if the hardware status has changed so that
>> a pre-existing connector is no longer active, none of the state
>> connectors will meet the assignment criteria for the current crtc video
>> controller.
>>
>> In the drm_WARN function, encoder->base.dev is called, so
>> '&encoder->base.dev' will be dereferenced since encoder will still be
>> initialized NULL.
>
> encoder is not dereferenced there.

Looks like the issue was there ages ago, and was fixed in v6.5 by commit
3b6692357f70 ("drm/i915: Make intel_get_crtc_new_encoder() less oopsy").

Please run your analysis on recent kernels.

BR,
Jani.


>
>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>
>> Fixes: e12d6218fda2 ("drm/i915: Reduce bigjoiner special casing")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: George Rurikov <g.ryurikov@...uritycode.ru>
>> ---
>>  drivers/gpu/drm/i915/display/intel_display.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/display/intel_display.c b/drivers/gpu/drm/i915/display/intel_display.c
>> index b4ef4d59da1a..1f25b12e5f67 100644
>> --- a/drivers/gpu/drm/i915/display/intel_display.c
>> +++ b/drivers/gpu/drm/i915/display/intel_display.c
>> @@ -819,9 +819,11 @@ intel_get_crtc_new_encoder(const struct intel_atomic_state *state,
>>                 num_encoders++;
>>         }
>>
>> -       drm_WARN(state->base.dev, num_encoders != 1,
>> +       if (encoder) {
>> +               drm_WARN(state->base.dev, num_encoders != 1,
>>                  "%d encoders for pipe %c\n",
>>                  num_encoders, pipe_name(primary_crtc->pipe));
>> +       }
>>
>>         return encoder;
>>  }
>> --
>> 2.34.1
>>
>> Заявление о конфиденциальности
>>
>> Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.
>
> Sorry, we can't accept patches with that boilerplate anyway.
>
> BR,
> Jani.

-- 
Jani Nikula, Intel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ