From: Sasha Levin <sashal@kernel.org>
To: Jani Nikula <jani.nikula@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
tzimmermann@suse.de, Ziqi Zhao <astrajoan@yahoo.com>,
Maxime Ripard <mripard@kernel.org>,
dri-devel@lists.freedesktop.org,
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>,
syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
Subject: Re: [PATCH AUTOSEL 4.14 3/6] drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
Date: Sun, 14 Jan 2024 22:24:49 -0500
Message-ID: <ZaSlgTAz7vdk97JJ@sashalap>
In-Reply-To: <87bkamvay5.fsf@intel.com>

On Tue, Dec 19, 2023 at 10:44:02AM +0200, Jani Nikula wrote:
>On Mon, 18 Dec 2023, Sasha Levin <sashal@kernel.org> wrote:
>> From: Ziqi Zhao <astrajoan@yahoo.com>
>>
>> [ Upstream commit 3823119b9c2b5f9e9b760336f75bc989b805cde6 ]
>>
>> The connector_set contains uninitialized values when allocated with
>> kmalloc_array. However, in the "out" branch, the logic assumes that any
>> element in connector_set would be equal to NULL if failed to
>> initialize, which causes the bug reported by Syzbot. The fix is to use
>> an extra variable to keep track of how many connectors are initialized
>> indeed, and use that variable to decrease any refcounts in the "out"
>> branch.
>>
>> Reported-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
>> Signed-off-by: Ziqi Zhao <astrajoan@yahoo.com>
>> Reported-and-tested-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
>> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
>> Link: https://lore.kernel.org/r/20230721161446.8602-1-astrajoan@yahoo.com
>> Signed-off-by: Maxime Ripard <mripard@kernel.org>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>This commit fixes an uninitialized value, but introduces a new
>one. Please backport 6e455f5dcdd1 ("drm/crtc: fix uninitialized variable
>use") from v6.7-rc6 to go with it.

I'll take 6e455f5dcdd1 too, thanks!
--
Thanks,
Sasha
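
The cleanup pattern the quoted commit message describes, as an added user-space C example that is not the kernel's code and not part of this thread: `struct obj`, `obj_get`, `obj_put`, `use_objects` and `put_calls` are hypothetical names, and `malloc` stands in for `kmalloc_array`. The counter is initialized at declaration so the `out` path is also safe when the allocation branch is skipped.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical refcounted object standing in for a connector. */
struct obj { int refs; };
static int put_calls;                       /* lets a caller count releases */

static struct obj *obj_get(struct obj *o) { o->refs++; return o; }
static void obj_put(struct obj *o) { o->refs--; put_calls++; }

/* Hold a reference on pool[ids[i]] for each i while working, then drop
 * them all. Returns 0 on success, -1 if an id is out of range. */
static int use_objects(struct obj *pool, size_t pool_len,
                       const size_t *ids, size_t count)
{
    struct obj **set = NULL;
    size_t num_held = 0;    /* set at declaration: "out" runs on every path */
    size_t i;
    int ret = 0;

    if (count > 0) {
        /* Like kmalloc_array(): the slots are NOT zeroed. */
        set = malloc(count * sizeof(*set));
        if (!set) { ret = -1; goto out; }
        for (i = 0; i < count; i++) {
            if (ids[i] >= pool_len) { ret = -1; goto out; }
            set[i] = obj_get(&pool[ids[i]]);
            num_held++;     /* slots [0, num_held) are now valid */
        }
    }
    /* ... work with set[0..count) here ... */
out:
    /* Walk only the filled slots; testing set[i] != NULL over all
     * `count` slots would read indeterminate pointers. */
    for (i = 0; i < num_held; i++)
        obj_put(set[i]);
    free(set);
    return ret;
}

int main(void)
{
    struct obj pool[3] = { {0}, {0}, {0} };
    size_t ids[] = { 0, 2, 7, 1 };          /* constructed input: 7 is invalid */
    int ret = use_objects(pool, 3, ids, 4);
    printf("ret=%d releases=%d\n", ret, put_calls);
    return 0;
}
```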