From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
To: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org
Cc: patches@lists.linux.dev, Emil Velikov <emil.l.velikov@gmail.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Ovidiu Panait <ovidiu.panait@windriver.com>,
	Dan Carpenter <error27@gmail.com>,
	Darren Kenny <darren.kenny@oracle.com>,
	Vegard Nossum <vegard.nossum@oracle.com>
Subject: Re: [PATCH 5.10 16/19] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
Date: Thu, 2 Mar 2023 20:16:35 +0300
Message-ID: <0c9d2708-cd94-7a68-4f55-02b5a41e073b@collabora.com>
In-Reply-To: <78b78fd7-899c-aee8-4f82-f7e7dbc2f4c9@oracle.com>

On 3/2/23 19:52, Harshit Mogalapalli wrote:
> Hi,
> 
> On 01/03/23 11:38 pm, Greg Kroah-Hartman wrote:
>> From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
>>
>> commit 64b88afbd92fbf434759d1896a7cf705e1c00e79 upstream.
>>
>> Previous commit fixed checking of the ERR_PTR value returned by
>> drm_gem_shmem_get_sg_table(), but it missed to zero out the shmem->pages,
>> which will crash virtio_gpu_cleanup_object(). Add the missing zeroing of
>> the shmem->pages.
>>
>> Fixes: c24968734abf ("drm/virtio: Fix NULL vs IS_ERR checking in
>> virtio_gpu_object_shmem_init")
>> Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
>> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
>> Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-2-dmitry.osipenko@collabora.com
>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
>> ---
>>   drivers/gpu/drm/virtio/virtgpu_object.c |    1 +
>>   1 file changed, 1 insertion(+)
>>
>> --- a/drivers/gpu/drm/virtio/virtgpu_object.c
>> +++ b/drivers/gpu/drm/virtio/virtgpu_object.c
>> @@ -159,6 +159,7 @@ static int virtio_gpu_object_shmem_init(
>>       shmem->pages = drm_gem_shmem_get_sg_table(&bo->base.base);
>>       if (IS_ERR(shmem->pages)) {
>>           drm_gem_shmem_unpin(&bo->base.base);
>> +        shmem->pages = NULL;
>>           return PTR_ERR(shmem->pages);
>>       }
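
Review bot: In the IS_ERR() branch the added `shmem->pages = NULL;` sits before `return PTR_ERR(shmem->pages);`, so the return reads the already-cleared pointer and yields PTR_ERR(NULL), which is 0, and the function reports success on the failure path. Capture the error code before clearing the pointer, for example with a local int: `ret = PTR_ERR(shmem->pages); shmem->pages = NULL; return ret;`.
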
> 
> While doing static analysis with smatch on LTS-rc series I found this bug.
> 
> PTR_ERR(NULL) is 1/success, so we are returning success in this case,
> which looks wrong.
> 
> Only 5.10.y and 5.15.y are affected. Upstream commit b5c9ed70d1a9
> ("drm/virtio: Improve DMA API usage for shmem BOs")
> deleted this code and is present in linux-6.1.y and
> linux-6.2.y, so this problem is not in 6.1.y and 6.2.y stable releases.
> 
> I have prepared a patch for fixing this, will send it out.

Thanks, that's a good catch!

-- 
Best regards,
Dmitry
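
The ordering problem discussed in this message, as an added userspace example (not code from the thread or from the kernel tree). The error-pointer helpers are modelled after include/linux/err.h; `struct obj`, `get_sg_table_fails()` and both init functions are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical stand-ins for the shmem object and a failing allocator. */
struct obj { void *pages; };
static void *get_sg_table_fails(void) { return ERR_PTR(-ENOMEM); }

/* Order used in the quoted hunk: clear the pointer, then read the error. */
static int init_backport_order(struct obj *o)
{
	o->pages = get_sg_table_fails();
	if (IS_ERR(o->pages)) {
		o->pages = NULL;
		return (int)PTR_ERR(o->pages);	/* reads NULL, so returns 0 */
	}
	return 0;
}

/* Save the error code first, then clear the pointer for later cleanup. */
static int init_save_first(struct obj *o)
{
	o->pages = get_sg_table_fails();
	if (IS_ERR(o->pages)) {
		int ret = (int)PTR_ERR(o->pages);

		o->pages = NULL;
		return ret;
	}
	return 0;
}

int main(void)
{
	struct obj a, b;
	int ra = init_backport_order(&a);	/* failure reported as 0 */
	int rb = init_save_first(&b);		/* -ENOMEM propagated */

	return !(ra == 0 && rb == -ENOMEM && a.pages == NULL && b.pages == NULL);
}
```

In both variants the pointer ends up NULL, so a cleanup path that checks it is safe; only the second tells the caller that initialisation failed.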

