| Message ID | 20220729090643.240778-1-khabibrakhmanova@ispras.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/via: Add new condition to via_dma_cleanup() | expand |
On Fri, Jul 29, 2022 at 12:06:43PM +0300, Alisa Khabibrakhmanova wrote: > Pointer dev_priv->mmio, which was checked for NULL at via_do_init_map(), > is passed to via_do_cleanup_map() and is dereferenced there without check. > > The patch adds the condition in via_dma_cleanup() which prevents potential NULL > pointer dereference. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 22f579c621e2 ("drm: Add via unichrome support") > Signed-off-by: Alisa Khabibrakhmanova <khabibrakhmanova@ispras.ru> This seems to have fallen through cracks, I applied it to drm-misc-next now. Thanks for your patch. -Daniel > --- > drivers/gpu/drm/via/via_dri1.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/via/via_dri1.c b/drivers/gpu/drm/via/via_dri1.c > index d695d9291ece..691e3ceb0062 100644 > --- a/drivers/gpu/drm/via/via_dri1.c > +++ b/drivers/gpu/drm/via/via_dri1.c > @@ -2961,7 +2961,7 @@ int via_dma_cleanup(struct drm_device *dev) > drm_via_private_t *dev_priv = > (drm_via_private_t *) dev->dev_private; > > - if (dev_priv->ring.virtual_start) { > + if (dev_priv->ring.virtual_start && dev_priv->mmio) { > via_cmdbuf_reset(dev_priv); > > drm_legacy_ioremapfree(&dev_priv->ring.map, dev); > -- > 2.34.1 >
diff --git a/drivers/gpu/drm/via/via_dri1.c b/drivers/gpu/drm/via/via_dri1.c index d695d9291ece..691e3ceb0062 100644 --- a/drivers/gpu/drm/via/via_dri1.c +++ b/drivers/gpu/drm/via/via_dri1.c @@ -2961,7 +2961,7 @@ int via_dma_cleanup(struct drm_device *dev) drm_via_private_t *dev_priv = (drm_via_private_t *) dev->dev_private; - if (dev_priv->ring.virtual_start) { + if (dev_priv->ring.virtual_start && dev_priv->mmio) { via_cmdbuf_reset(dev_priv); drm_legacy_ioremapfree(&dev_priv->ring.map, dev);
Pointer dev_priv->mmio, which was checked for NULL at via_do_init_map(), is passed to via_do_cleanup_map() and is dereferenced there without check. The patch adds the condition in via_dma_cleanup() which prevents potential NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 22f579c621e2 ("drm: Add via unichrome support") Signed-off-by: Alisa Khabibrakhmanova <khabibrakhmanova@ispras.ru> --- drivers/gpu/drm/via/via_dri1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)