From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Hassan Shahbazi <h.shahbazi.git@gmail.com>,
	gregkh@linuxfoundation.org, daniel.vetter@ffwll.ch,
	jirislaby@kernel.org, yepeilin.cs@gmail.com
Cc: lkp@intel.com, kbuild-all@lists.01.org,
	linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linux-kernel@vger.kernel.org,
	Hassan Shahbazi <h.shahbazi.git@gmail.com>
Subject: Re: [PATCH] fix NULL pointer deference crash
Date: Wed, 31 Mar 2021 23:02:33 +0300
Message-ID: <20210331200233.GN2065@kadam>
In-Reply-To: <20210331163425.8092-1-h.shahbazi.git@gmail.com>

Hi Hassan,

url:    https://github.com/0day-ci/linux/commits/Hassan-Shahbazi/fix-NULL-pointer-deference-crash/20210401-004543
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-randconfig-m001-20210330 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
drivers/video/fbdev/core/fbcon.c:1336 fbcon_cursor() warn: variable dereferenced before check 'ops' (see line 1324)

Old smatch warnings:
drivers/video/fbdev/core/fbcon.c:3028 fbcon_get_con2fb_map_ioctl() warn: potential spectre issue 'con2fb_map' [r]

vim +/ops +1336 drivers/video/fbdev/core/fbcon.c

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1318  static void fbcon_cursor(struct vc_data *vc, int mode)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1319  {
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1320  	struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]];
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1321  	struct fbcon_ops *ops = info->fbcon_par;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1322   	int c = scr_readw((u16 *) vc->vc_pos);
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1323  
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04 @1324  	ops->cur_blink_jiffies = msecs_to_jiffies(vc->vc_cur_blink_ms);
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04  1325  
d1e2306681ad3cb drivers/video/console/fbcon.c    Michal Januszewski 2007-05-08  1326  	if (fbcon_is_inactive(vc, info) || vc->vc_deccm != 1)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1327  		return;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1328  
c0e4b3ad67997a6 drivers/video/fbdev/core/fbcon.c Jiri Slaby         2020-06-15  1329  	if (vc->vc_cursor_type & CUR_SW)
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1330  		fbcon_del_cursor_timer(info);
a5edce421848442 drivers/video/console/fbcon.c    Thierry Reding     2015-05-21  1331  	else
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1332  		fbcon_add_cursor_timer(info);
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1333  
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1334  	ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
                                                                                        ^^^^^^^^^^^^^^^^^
Dereferenced

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1335  
1d73453653c6d4f drivers/video/fbdev/core/fbcon.c Hassan Shahbazi    2021-03-31 @1336  	if (ops && ops->cursor)
                                                                                            ^^^
Checked too late

06a0df4d1b8b13b drivers/video/fbdev/core/fbcon.c Linus Torvalds     2020-09-08  1337  		ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1338  				get_color(vc, info, c, 0));
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1339  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 45368 bytes --]
