[v2] drm/vmwgfx: Fix an uninitialized fence handle value
diff mbox series

Message ID 20190131095221.3025-1-thellstrom@vmware.com
State New
Headers show
Series
  • [v2] drm/vmwgfx: Fix an uninitialized fence handle value
Related show

Commit Message

Thomas Hellstrom Jan. 31, 2019, 9:52 a.m. UTC
if vmw_execbuf_fence_commands() fails, The handle value will be
uninitialized and a bogus fence handle might be copied to user-space.

Fixes: 2724b2d54cda: ("drm/vmwgfx: Use new validation interface for the modesetting code v2")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com> #v1
Reviewed-by: Sinclair Yeh <syeh@vmware.com> #v1
---
v2: Also initialize the ret local variable, to silence compilatior warnings.
Call vmw_execbuf_copy_fence_user regardless of the value of ret, to propagate
the correct error code to user-space.
---
 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Deepak Singh Rawat Feb. 1, 2019, 2:07 a.m. UTC | #1
Reviewed-by: Deepak Rawat <drawat@vmware.com>

On Thu, 2019-01-31 at 10:52 +0100, Thomas Hellstrom wrote:
> if vmw_execbuf_fence_commands() fails, The handle value will be
> uninitialized and a bogus fence handle might be copied to user-space.
> 
> Fixes: 2724b2d54cda: ("drm/vmwgfx: Use new validation interface for
> the modesetting code v2")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
> Reviewed-by: Brian Paul <brianp@vmware.com> #v1
> Reviewed-by: Sinclair Yeh <syeh@vmware.com> #v1
> ---
> v2: Also initialize the ret local variable, to silence compilatior
> warnings.
> Call vmw_execbuf_copy_fence_user regardless of the value of ret, to
> propagate
> the correct error code to user-space.
> ---
>  drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index b351fb5214d3..5e257a600cea 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -2554,8 +2554,8 @@ void vmw_kms_helper_validation_finish(struct
> vmw_private *dev_priv,
>  				      user_fence_rep)
>  {
>  	struct vmw_fence_obj *fence = NULL;
> -	uint32_t handle;
> -	int ret;
> +	uint32_t handle = 0;
> +	int ret = 0;
>  
>  	if (file_priv || user_fence_rep || vmw_validation_has_bos(ctx)
> ||
>  	    out_fence)

Patch
diff mbox series

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index b351fb5214d3..5e257a600cea 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -2554,8 +2554,8 @@  void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv,
 				      user_fence_rep)
 {
 	struct vmw_fence_obj *fence = NULL;
-	uint32_t handle;
-	int ret;
+	uint32_t handle = 0;
+	int ret = 0;
 
 	if (file_priv || user_fence_rep || vmw_validation_has_bos(ctx) ||
 	    out_fence)