| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251106095735.788100-1-liqiang01@kylinos.cn>
Date: Thu, 6 Nov 2025 17:57:35 +0800
From: Li Qiang <liqiang01@...inos.cn>
To: lyude@...hat.com,
dakr@...nel.org,
maarten.lankhorst@...ux.intel.com,
mripard@...nel.org,
tzimmermann@...e.de,
airlied@...il.com,
simona@...ll.ch
Cc: dri-devel@...ts.freedesktop.org,
nouveau@...ts.freedesktop.org,
linux-kernel@...r.kernel.org,
Li Qiang <liqiang01@...inos.cn>
Subject: [PATCH] drm/nouveau: Add __GFP_NOFAIL for DSM buffer allocation in r535_disp_oneinit()
acpi_evaluate_dsm() expects a valid buffer pointer for the DSM argument.
The current code uses kmalloc() without checking its return value, which
may lead to a NULL pointer dereference under memory pressure.
Since this buffer is small and there is no recovery path available here,
use __GFP_NOFAIL to guarantee allocation success and avoid potential
kernel crashes.
Fixes: 9e99444490238 ("drm/nouveau/disp/r535: initial support")
Signed-off-by: Li Qiang <liqiang01@...inos.cn>
---
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/disp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/disp.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/disp.c
index 6e63df816d85..f55ff5dea1c5 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/disp.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/disp.c
@@ -1585,7 +1585,8 @@ r535_disp_oneinit(struct nvkm_disp *disp)
union acpi_object argv4 = {
.buffer.type = ACPI_TYPE_BUFFER,
.buffer.length = sizeof(ctrl->backLightData),
- .buffer.pointer = kmalloc(argv4.buffer.length, GFP_KERNEL),
+ .buffer.pointer = kmalloc(argv4.buffer.length,
+ GFP_KERNEL | __GFP_NOFAIL),
}, *obj;
obj = acpi_evaluate_dsm(handle, nbci ? &NBCI_DSM_GUID : &NVHG_DSM_GUID,
--
2.25.1
Powered by blists - more mailing lists