* [PATCH] drm/cma-helper: NULL dereference calling drm_gem_cma_prime_get_sg_table()
@ 2018-07-19 8:12 Dan Carpenter
2018-07-20 9:09 ` Liviu Dudau
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2018-07-19 8:12 UTC (permalink / raw)
To: Gustavo Padovan, Joonyoung Shim; +Cc: David Airlie, kernel-janitors, dri-devel
This funciton is only called from drm_gem_map_dma_buf(). It's supposed
to return error pointers on failure and returning a NULL pointer will
lead to a NULL dereference.
Fixes: 78467dc5f70f ("drm/cma: add low-level hook functions to use prime helpers")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/gpu/drm/drm_gem_cma_helper.c b/drivers/gpu/drm/drm_gem_cma_helper.c
index 80a5115c3846..f8a9c09efb87 100644
--- a/drivers/gpu/drm/drm_gem_cma_helper.c
+++ b/drivers/gpu/drm/drm_gem_cma_helper.c
@@ -436,7 +436,7 @@ struct sg_table *drm_gem_cma_prime_get_sg_table(struct drm_gem_object *obj)
sgt = kzalloc(sizeof(*sgt), GFP_KERNEL);
if (!sgt)
- return NULL;
+ return ERR_PTR(-EINVAL);
ret = dma_get_sgtable(obj->dev->dev, sgt, cma_obj->vaddr,
cma_obj->paddr, obj->size);
@@ -447,7 +447,7 @@ struct sg_table *drm_gem_cma_prime_get_sg_table(struct drm_gem_object *obj)
out:
kfree(sgt);
- return NULL;
+ return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(drm_gem_cma_prime_get_sg_table);
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] drm/cma-helper: NULL dereference calling drm_gem_cma_prime_get_sg_table()
2018-07-19 8:12 [PATCH] drm/cma-helper: NULL dereference calling drm_gem_cma_prime_get_sg_table() Dan Carpenter
@ 2018-07-20 9:09 ` Liviu Dudau
0 siblings, 0 replies; 2+ messages in thread
From: Liviu Dudau @ 2018-07-20 9:09 UTC (permalink / raw)
To: Dan Carpenter; +Cc: David Airlie, kernel-janitors, dri-devel
On Thu, Jul 19, 2018 at 11:12:01AM +0300, Dan Carpenter wrote:
> This funciton is only called from drm_gem_map_dma_buf(). It's supposed
> to return error pointers on failure and returning a NULL pointer will
> lead to a NULL dereference.
>
> Fixes: 78467dc5f70f ("drm/cma: add low-level hook functions to use prime helpers")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
>
> diff --git a/drivers/gpu/drm/drm_gem_cma_helper.c b/drivers/gpu/drm/drm_gem_cma_helper.c
> index 80a5115c3846..f8a9c09efb87 100644
> --- a/drivers/gpu/drm/drm_gem_cma_helper.c
> +++ b/drivers/gpu/drm/drm_gem_cma_helper.c
> @@ -436,7 +436,7 @@ struct sg_table *drm_gem_cma_prime_get_sg_table(struct drm_gem_object *obj)
>
> sgt = kzalloc(sizeof(*sgt), GFP_KERNEL);
> if (!sgt)
> - return NULL;
> + return ERR_PTR(-EINVAL);
>
> ret = dma_get_sgtable(obj->dev->dev, sgt, cma_obj->vaddr,
> cma_obj->paddr, obj->size);
> @@ -447,7 +447,7 @@ struct sg_table *drm_gem_cma_prime_get_sg_table(struct drm_gem_object *obj)
>
> out:
> kfree(sgt);
> - return NULL;
> + return ERR_PTR(ret);
> }
> EXPORT_SYMBOL_GPL(drm_gem_cma_prime_get_sg_table);
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
==========
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-20 9:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-19 8:12 [PATCH] drm/cma-helper: NULL dereference calling drm_gem_cma_prime_get_sg_table() Dan Carpenter
2018-07-20 9:09 ` Liviu Dudau
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox