| Message ID | 20200928090726.GB377727@mwanda (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm: prime: Potential Oops in drm_gem_map_dma_buf() | expand |
Hi Dan, Am 28.09.20 um 11:07 schrieb Dan Carpenter: > This code doesn't check if the call to ->get_sg_table() fails so it > could dereference an error pointer and Oops. > > Fixes: c614d7e66c6a ("drm: remove prime sg_table caching") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> this patch is based on outdated code, please take a look at current drm-misc-next. The gem_prime_get_sg_table callback was removed from the driver functions and the missing error check already fixed. Regards, Christian. > --- > drivers/gpu/drm/drm_prime.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c > index 11fe9ff76fd5..1e2c7ff63f16 100644 > --- a/drivers/gpu/drm/drm_prime.c > +++ b/drivers/gpu/drm/drm_prime.c > @@ -627,6 +627,9 @@ struct sg_table *drm_gem_map_dma_buf(struct dma_buf_attachment *attach, > else > sgt = obj->dev->driver->gem_prime_get_sg_table(obj); > > + if (IS_ERR(sgt)) > + return sgt; > + > ret = dma_map_sgtable(attach->dev, sgt, dir, > DMA_ATTR_SKIP_CPU_SYNC); > if (ret) {
diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c index 11fe9ff76fd5..1e2c7ff63f16 100644 --- a/drivers/gpu/drm/drm_prime.c +++ b/drivers/gpu/drm/drm_prime.c @@ -627,6 +627,9 @@ struct sg_table *drm_gem_map_dma_buf(struct dma_buf_attachment *attach, else sgt = obj->dev->driver->gem_prime_get_sg_table(obj); + if (IS_ERR(sgt)) + return sgt; + ret = dma_map_sgtable(attach->dev, sgt, dir, DMA_ATTR_SKIP_CPU_SYNC); if (ret) {
This code doesn't check if the call to ->get_sg_table() fails so it could dereference an error pointer and Oops. Fixes: c614d7e66c6a ("drm: remove prime sg_table caching") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/gpu/drm/drm_prime.c | 3 +++ 1 file changed, 3 insertions(+)