| Message ID | 20211104214249.1802789-1-vivek.kasireddy@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/virtio: Fix NULL dereference error in virtio_gpu_poll | expand |
On 04 November 2021 at 10:42 pm, Vivek Kasireddy wrote: > When virgl is not enabled, vfpriv pointer would not be allocated. > Therefore, check for a valid value before dereferencing. > > Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de> > Cc: Gurchetan Singh <gurchetansingh@chromium.org> > Cc: Gerd Hoffmann <kraxel@redhat.com> > Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com> > --- > drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c > index 749db18dcfa2..d86e1ad4a972 100644 > --- a/drivers/gpu/drm/virtio/virtgpu_drv.c > +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c > @@ -163,10 +163,11 @@ static __poll_t virtio_gpu_poll(struct file *filp, > struct drm_file *drm_file = filp->private_data; > struct virtio_gpu_fpriv *vfpriv = drm_file->driver_priv; > struct drm_device *dev = drm_file->minor->dev; > + struct virtio_gpu_device *vgdev = dev->dev_private; > struct drm_pending_event *e = NULL; > __poll_t mask = 0; > > - if (!vfpriv->ring_idx_mask) > + if (!vgdev->has_virgl_3d || !vfpriv || !vfpriv->ring_idx_mask) > return drm_poll(filp, wait); > > poll_wait(filp, &drm_file->event_wait, wait); Tested-by: Christian Zigotzky <chzigotzky@xenosoft.de> [1] [1] https://i.ibb.co/N1vL5Kd/Kernel-5-16-alpha3-Power-PC.png
On Thu, Nov 04, 2021 at 02:42:49PM -0700, Vivek Kasireddy wrote: > When virgl is not enabled, vfpriv pointer would not be allocated. > Therefore, check for a valid value before dereferencing. > > Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de> > Cc: Gurchetan Singh <gurchetansingh@chromium.org> > Cc: Gerd Hoffmann <kraxel@redhat.com> > Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com> > --- > drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c > index 749db18dcfa2..d86e1ad4a972 100644 > --- a/drivers/gpu/drm/virtio/virtgpu_drv.c > +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c > @@ -163,10 +163,11 @@ static __poll_t virtio_gpu_poll(struct file *filp, > struct drm_file *drm_file = filp->private_data; > struct virtio_gpu_fpriv *vfpriv = drm_file->driver_priv; > struct drm_device *dev = drm_file->minor->dev; > + struct virtio_gpu_device *vgdev = dev->dev_private; > struct drm_pending_event *e = NULL; > __poll_t mask = 0; > > - if (!vfpriv->ring_idx_mask) > + if (!vgdev->has_virgl_3d || !vfpriv || !vfpriv->ring_idx_mask) > return drm_poll(filp, wait); > > poll_wait(filp, &drm_file->event_wait, wait); Pushed to drm-misc-next-fixes. thanks, Gerd
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c index 749db18dcfa2..d86e1ad4a972 100644 --- a/drivers/gpu/drm/virtio/virtgpu_drv.c +++ b/drivers/gpu/drm/virtio/virtgpu_drv.c @@ -163,10 +163,11 @@ static __poll_t virtio_gpu_poll(struct file *filp, struct drm_file *drm_file = filp->private_data; struct virtio_gpu_fpriv *vfpriv = drm_file->driver_priv; struct drm_device *dev = drm_file->minor->dev; + struct virtio_gpu_device *vgdev = dev->dev_private; struct drm_pending_event *e = NULL; __poll_t mask = 0; - if (!vfpriv->ring_idx_mask) + if (!vgdev->has_virgl_3d || !vfpriv || !vfpriv->ring_idx_mask) return drm_poll(filp, wait); poll_wait(filp, &drm_file->event_wait, wait);
When virgl is not enabled, vfpriv pointer would not be allocated. Therefore, check for a valid value before dereferencing. Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de> Cc: Gurchetan Singh <gurchetansingh@chromium.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com> --- drivers/gpu/drm/virtio/virtgpu_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)