* [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
@ 2017-12-04 21:54 Gustavo A. R. Silva
2017-12-05 13:30 ` Ville Syrjälä
0 siblings, 1 reply; 4+ messages in thread
From: Gustavo A. R. Silva @ 2017-12-04 21:54 UTC (permalink / raw)
To: VMware Graphics, Sinclair Yeh, Thomas Hellstrom, David Airlie
Cc: dri-devel, linux-kernel, Gustavo A. R. Silva
crtc_state is being null checked in a previous code block, which implies
that such pointer might be null.
crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
there is a potential null pointer dereference.
Fix this by warning-on and returning -EINVAL in case crtc_state is null.
Addresses-Coverity-ID: 1462412 ("Dereference after null check")
Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into drm_atomic_helper.c")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index a2a93d7..72c3b290 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane *plane,
clip.y2 = crtc_state->adjusted_mode.vdisplay;
}
+ if (WARN_ON(!crtc_state))
+ return -EINVAL;
+
ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip,
DRM_PLANE_HELPER_NO_SCALING,
DRM_PLANE_HELPER_NO_SCALING,
--
2.7.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
2017-12-04 21:54 [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference Gustavo A. R. Silva
@ 2017-12-05 13:30 ` Ville Syrjälä
0 siblings, 0 replies; 4+ messages in thread
From: Ville Syrjälä @ 2017-12-05 13:30 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Thomas Hellstrom, David Airlie, linux-kernel, dri-devel,
VMware Graphics
On Mon, Dec 04, 2017 at 03:54:18PM -0600, Gustavo A. R. Silva wrote:
> crtc_state is being null checked in a previous code block, which implies
> that such pointer might be null.
>
> crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
> there is a potential null pointer dereference.
This is a false positive. drm_atomic_helper_check_plane_state() will not
dereference crtc_state when plane_state->crtc is NULL.
>
> Fix this by warning-on and returning -EINVAL in case crtc_state is null.
>
> Addresses-Coverity-ID: 1462412 ("Dereference after null check")
> Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into drm_atomic_helper.c")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index a2a93d7..72c3b290 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane *plane,
> clip.y2 = crtc_state->adjusted_mode.vdisplay;
> }
>
> + if (WARN_ON(!crtc_state))
> + return -EINVAL;
This would in fact break the driver because it would flag an error
whenever the plane is disabled.
> +
> ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip,
> DRM_PLANE_HELPER_NO_SCALING,
> DRM_PLANE_HELPER_NO_SCALING,
> --
> 2.7.4
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Ville Syrjälä
Intel OTC
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
@ 2017-12-05 13:30 ` Ville Syrjälä
0 siblings, 0 replies; 4+ messages in thread
From: Ville Syrjälä @ 2017-12-05 13:30 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: VMware Graphics, Sinclair Yeh, Thomas Hellstrom, David Airlie,
linux-kernel, dri-devel
On Mon, Dec 04, 2017 at 03:54:18PM -0600, Gustavo A. R. Silva wrote:
> crtc_state is being null checked in a previous code block, which implies
> that such pointer might be null.
>
> crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
> there is a potential null pointer dereference.
This is a false positive. drm_atomic_helper_check_plane_state() will not
dereference crtc_state when plane_state->crtc is NULL.
>
> Fix this by warning-on and returning -EINVAL in case crtc_state is null.
>
> Addresses-Coverity-ID: 1462412 ("Dereference after null check")
> Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into drm_atomic_helper.c")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index a2a93d7..72c3b290 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane *plane,
> clip.y2 = crtc_state->adjusted_mode.vdisplay;
> }
>
> + if (WARN_ON(!crtc_state))
> + return -EINVAL;
This would in fact break the driver because it would flag an error
whenever the plane is disabled.
> +
> ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip,
> DRM_PLANE_HELPER_NO_SCALING,
> DRM_PLANE_HELPER_NO_SCALING,
> --
> 2.7.4
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Ville Syrjälä
Intel OTC
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
2017-12-05 13:30 ` Ville Syrjälä
(?)
@ 2017-12-05 15:47 ` Gustavo A. R. Silva
-1 siblings, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2017-12-05 15:47 UTC (permalink / raw)
To: Ville Syrjälä
Cc: VMware Graphics, Sinclair Yeh, Thomas Hellstrom, David Airlie,
linux-kernel, dri-devel
Hi Ville,
Quoting Ville Syrjälä <ville.syrjala@linux.intel.com>:
> On Mon, Dec 04, 2017 at 03:54:18PM -0600, Gustavo A. R. Silva wrote:
>> crtc_state is being null checked in a previous code block, which implies
>> that such pointer might be null.
>>
>> crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
>> there is a potential null pointer dereference.
>
> This is a false positive. drm_atomic_helper_check_plane_state() will not
> dereference crtc_state when plane_state->crtc is NULL.
>
You are right.
Thank you for clarifying.
--
Gustavo A. R. Silva
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-12-05 15:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-04 21:54 [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference Gustavo A. R. Silva
2017-12-05 13:30 ` Ville Syrjälä
2017-12-05 13:30 ` Ville Syrjälä
2017-12-05 15:47 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.