From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Johan Hovold <johan+linaro@kernel.org>,
Kuogee Hsieh <quic_khsieh@quicinc.com>,
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>,
Abhinav Kumar <quic_abhinavk@quicinc.com>
Subject: [PATCH 4.14 28/60] drm/msm/hdmi: fix memory corruption with too many bridges
Date: Wed, 2 Nov 2022 03:34:49 +0100 [thread overview]
Message-ID: <20221102022052.004542720@linuxfoundation.org> (raw)
In-Reply-To: <20221102022051.081761052@linuxfoundation.org>
From: Johan Hovold <johan+linaro@kernel.org>
commit 4c1294da6aed1f16d47a417dcfe6602833c3c95c upstream.
Add the missing sanity check on the bridge counter to avoid corrupting
data beyond the fixed-sized bridge array in case there are ever more
than eight bridges.
Fixes: a3376e3ec81c ("drm/msm: convert to drm_bridge")
Cc: stable@vger.kernel.org # 3.12
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Tested-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/502670/
Link: https://lore.kernel.org/r/20220913085320.8577-5-johan+linaro@kernel.org
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/msm/hdmi/hdmi.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/msm/hdmi/hdmi.c
+++ b/drivers/gpu/drm/msm/hdmi/hdmi.c
@@ -291,6 +291,11 @@ int msm_hdmi_modeset_init(struct hdmi *h
struct platform_device *pdev = hdmi->pdev;
int ret;
+ if (priv->num_bridges == ARRAY_SIZE(priv->bridges)) {
+ DRM_DEV_ERROR(dev->dev, "too many bridges\n");
+ return -ENOSPC;
+ }
+
hdmi->dev = dev;
hdmi->encoder = encoder;
next prev parent reply other threads:[~2022-11-02 3:39 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-02 2:34 [PATCH 4.14 00/60] 4.14.298-rc1 review Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 01/60] ocfs2: clear dinode links count in case of error Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 02/60] ocfs2: fix BUG when iput after ocfs2_mknod fails Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 03/60] x86/microcode/AMD: Apply the patch early on every logical thread Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 04/60] ata: ahci-imx: Fix MODULE_ALIAS Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 05/60] ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 06/60] KVM: arm64: vgic: Fix exit condition in scan_its_table() Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 07/60] arm64: errata: Remove AES hwcap for COMPAT tasks Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 08/60] r8152: add PID for the Lenovo OneLink+ Dock Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 09/60] btrfs: fix processing of delayed data refs during backref walking Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 10/60] ACPI: extlog: Handle multiple records Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 11/60] HID: magicmouse: Do not set BTN_MOUSE on double report Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 12/60] net/atm: fix proc_mpc_write incorrect return value Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 13/60] net: hns: fix possible memory leak in hnae_ae_register() Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 14/60] iommu/vt-d: Clean up si_domain in the init_dmars() error path Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 15/60] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 16/60] [PATCH v3] ACPI: video: Force backlight native for more TongFang devices Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 17/60] ALSA: Use del_timer_sync() before freeing timer Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 18/60] ALSA: au88x0: use explicitly signed char Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 19/60] USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 20/60] usb: dwc3: gadget: Dont set IMI for no_interrupt Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 21/60] usb: bdc: change state when port disconnected Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 22/60] usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 23/60] xhci: Remove device endpoints from bandwidth list when freeing the device Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 24/60] tools: iio: iio_utils: fix digit calculation Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 25/60] iio: light: tsl2583: Fix module unloading Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 26/60] fbdev: smscufx: Fix several use-after-free bugs Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 27/60] mac802154: Fix LQI recording Greg Kroah-Hartman
2022-11-02 2:34 ` Greg Kroah-Hartman [this message]
2022-11-02 2:34 ` [PATCH 4.14 29/60] mmc: core: Fix kernel panic when remove non-standard SDIO card Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 30/60] kernfs: fix use-after-free in __kernfs_remove Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 31/60] s390/futex: add missing EX_TABLE entry to __futex_atomic_op() Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 32/60] Xen/gntdev: dont ignore kernel unmapping error Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 33/60] xen/gntdev: Prevent leaking grants Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 34/60] mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 35/60] net: ieee802154: fix error return code in dgram_bind() Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 36/60] drm/msm: Fix return type of mdp4_lvds_connector_mode_valid Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 37/60] arc: iounmap() arg is volatile Greg Kroah-Hartman
2022-11-02 2:34 ` [PATCH 4.14 38/60] ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 39/60] x86/unwind/orc: Fix unreliable stack dump with gcov Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 40/60] amd-xgbe: fix the SFP compliance codes check for DAC cables Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 41/60] amd-xgbe: add the bit rate quirk for Molex cables Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 42/60] kcm: annotate data-races around kcm->rx_psock Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 43/60] kcm: annotate data-races around kcm->rx_wait Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 44/60] net: lantiq_etop: dont free skb when returning NETDEV_TX_BUSY Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 45/60] tcp: fix indefinite deferral of RTO with SACK reneging Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 46/60] can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 47/60] PM: hibernate: Allow hybrid sleep to work with s2idle Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 48/60] media: vivid: s_fbuf: add more sanity checks Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 49/60] media: vivid: dev->bitmap_cap wasnt freed in all cases Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 50/60] media: v4l2-dv-timings: add sanity checks for blanking values Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 51/60] media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check interlaced Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 52/60] i40e: Fix ethtool rx-flow-hash setting for X722 Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 53/60] i40e: Fix flow-type by setting GL_HASH_INSET registers Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 54/60] net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 55/60] PM: domains: Fix handling of unavailable/disabled idle states Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 56/60] ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 57/60] ALSA: aoa: Fix I2S device accounting Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 58/60] openvswitch: switch from WARN to pr_warn Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 59/60] net: ehea: fix possible memory leak in ehea_register_port() Greg Kroah-Hartman
2022-11-02 2:35 ` [PATCH 4.14 60/60] can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive Greg Kroah-Hartman
2022-11-02 10:07 ` [PATCH 4.14 00/60] 4.14.298-rc1 review Jon Hunter
2022-11-02 20:45 ` Guenter Roeck
2022-11-03 10:33 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221102022052.004542720@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dmitry.baryshkov@linaro.org \
--cc=johan+linaro@kernel.org \
--cc=patches@lists.linux.dev \
--cc=quic_abhinavk@quicinc.com \
--cc=quic_khsieh@quicinc.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox