* [BUG] video: fbdev: broadsheetfb: Possible null function pointers @ 2018-07-26 14:17 ` bai 2018-07-26 14:34 ` Bartlomiej Zolnierkiewicz 0 siblings, 1 reply; 4+ messages in thread From: bai @ 2018-07-26 14:17 UTC (permalink / raw) To: b.zolnierkie; +Cc: dri-devel, linux-fbdev, linux-kernel In Linux-4.16, drivers/video/fbdev/broadsheetfb.c, 158. static void broadsheet_mmio_send_cmdargs(...) { ...... 163. par->board->mmio_write(...); ...... 166. par->board->mmio_write(...); 167. } For x86 kernel configuration, I find that there is no assignment of the function pointer ".mmio_write" in the kernel code. So calling the function pointer in lines 163 and 166 may cause a null pointer dereference. In this file, there are many calls to this function pointer... Best wishes, Jia-Ju Bai ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG] video: fbdev: broadsheetfb: Possible null function pointers 2018-07-26 14:17 ` [BUG] video: fbdev: broadsheetfb: Possible null function pointers bai @ 2018-07-26 14:34 ` Bartlomiej Zolnierkiewicz 2018-07-27 1:49 ` Jia-Ju Bai 0 siblings, 1 reply; 4+ messages in thread From: Bartlomiej Zolnierkiewicz @ 2018-07-26 14:34 UTC (permalink / raw) To: bai; +Cc: dri-devel, linux-fbdev, linux-kernel On Thursday, July 26, 2018 10:17:44 PM bai wrote: > In Linux-4.16, drivers/video/fbdev/broadsheetfb.c, > > 158. static void broadsheet_mmio_send_cmdargs(...) { > ...... > 163. par->board->mmio_write(...); > ...... > 166. par->board->mmio_write(...); > 167. } > > For x86 kernel configuration, I find that there is no assignment of the > function pointer ".mmio_write" in the kernel code. > So calling the function pointer in lines 163 and 166 may cause a null > pointer dereference. > > In this file, there are many calls to this function pointer... This is a platform driver and it won't be used on x86 (actually it is used only by single ARM PXA board). The dependency for FB_BROADSHEET in Kconfig file could be improved to i.e. depends on FB && (ARCH_PXA || COMPILE_TEST) but there is no bug there. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG] video: fbdev: broadsheetfb: Possible null function pointers 2018-07-26 14:34 ` Bartlomiej Zolnierkiewicz @ 2018-07-27 1:49 ` Jia-Ju Bai 2018-07-27 8:06 ` Bartlomiej Zolnierkiewicz 0 siblings, 1 reply; 4+ messages in thread From: Jia-Ju Bai @ 2018-07-27 1:49 UTC (permalink / raw) To: Bartlomiej Zolnierkiewicz; +Cc: dri-devel, linux-fbdev, linux-kernel On 2018/7/26 22:34, Bartlomiej Zolnierkiewicz wrote: > On Thursday, July 26, 2018 10:17:44 PM bai wrote: >> In Linux-4.16, drivers/video/fbdev/broadsheetfb.c, >> >> 158. static void broadsheet_mmio_send_cmdargs(...) { >> ...... >> 163. par->board->mmio_write(...); >> ...... >> 166. par->board->mmio_write(...); >> 167. } >> >> For x86 kernel configuration, I find that there is no assignment of the >> function pointer ".mmio_write" in the kernel code. >> So calling the function pointer in lines 163 and 166 may cause a null >> pointer dereference. >> >> In this file, there are many calls to this function pointer... > This is a platform driver and it won't be used on x86 (actually it is > used only by single ARM PXA board). The dependency for FB_BROADSHEET > in Kconfig file could be improved to i.e. > > depends on FB && (ARCH_PXA || COMPILE_TEST) > > but there is no bug there. Thanks for the reply :) So I want to submit a patch of updating Kconfig in drivers/video/fbdev/Kconfig: config FB_BROADSHEET tristate "E-Ink Broadsheet/Epson S1D13521 controller support" - depends on FB + depends on FB && (ARCH_PXA || COMPILE_TEST) select FB_SYS_FILLRECT select FB_SYS_COPYAREA select FB_SYS_IMAGEBLIT select FB_SYS_FOPS select FB_DEFERRED_IO Do you think it is okay? Best wishes, Jia-Ju Bai ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG] video: fbdev: broadsheetfb: Possible null function pointers 2018-07-27 1:49 ` Jia-Ju Bai @ 2018-07-27 8:06 ` Bartlomiej Zolnierkiewicz 0 siblings, 0 replies; 4+ messages in thread From: Bartlomiej Zolnierkiewicz @ 2018-07-27 8:06 UTC (permalink / raw) To: Jia-Ju Bai; +Cc: linux-fbdev, linux-kernel, dri-devel On Friday, July 27, 2018 09:49:41 AM Jia-Ju Bai wrote: > > On 2018/7/26 22:34, Bartlomiej Zolnierkiewicz wrote: > > On Thursday, July 26, 2018 10:17:44 PM bai wrote: > >> In Linux-4.16, drivers/video/fbdev/broadsheetfb.c, > >> > >> 158. static void broadsheet_mmio_send_cmdargs(...) { > >> ...... > >> 163. par->board->mmio_write(...); > >> ...... > >> 166. par->board->mmio_write(...); > >> 167. } > >> > >> For x86 kernel configuration, I find that there is no assignment of the > >> function pointer ".mmio_write" in the kernel code. > >> So calling the function pointer in lines 163 and 166 may cause a null > >> pointer dereference. > >> > >> In this file, there are many calls to this function pointer... > > This is a platform driver and it won't be used on x86 (actually it is > > used only by single ARM PXA board). The dependency for FB_BROADSHEET > > in Kconfig file could be improved to i.e. > > > > depends on FB && (ARCH_PXA || COMPILE_TEST) > > > > but there is no bug there. > > Thanks for the reply :) > So I want to submit a patch of updating Kconfig in > drivers/video/fbdev/Kconfig: > > config FB_BROADSHEET > tristate "E-Ink Broadsheet/Epson S1D13521 controller support" > - depends on FB > + depends on FB && (ARCH_PXA || COMPILE_TEST) > select FB_SYS_FILLRECT > select FB_SYS_COPYAREA > select FB_SYS_IMAGEBLIT > select FB_SYS_FOPS > select FB_DEFERRED_IO > > > Do you think it is okay? Please read Documentation/process/submitting-patches.rst. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-07-27 8:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CGME20180726141748epcas1p28f6f11fea0152ed22113351e3a0affbc@epcas1p2.samsung.com>
2018-07-26 14:17 ` [BUG] video: fbdev: broadsheetfb: Possible null function pointers bai
2018-07-26 14:34 ` Bartlomiej Zolnierkiewicz
2018-07-27 1:49 ` Jia-Ju Bai
2018-07-27 8:06 ` Bartlomiej Zolnierkiewicz
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox