* [PATCH] m501fb: don't return zero on failure path in sm501fb_start()
From: Alexey Khoroshilov @ 2017-04-29 19:33 UTC (permalink / raw)
To: Bartlomiej Zolnierkiewicz, Tomi Valkeinen
Cc: Alexey Khoroshilov, linux-fbdev, linux-kernel, ldv-project
If fbmem iomemory mapping failed, sm501fb_start() breaks off
initialization, deallocates resources, but returns zero.
As a result, double deallocation can happen in sm501fb_stop().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
drivers/video/fbdev/sm501fb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/sm501fb.c b/drivers/video/fbdev/sm501fb.c
index d80bc8a3200f..67e314fdd947 100644
--- a/drivers/video/fbdev/sm501fb.c
+++ b/drivers/video/fbdev/sm501fb.c
@@ -1600,6 +1600,7 @@ static int sm501fb_start(struct sm501fb_info *info,
info->fbmem = ioremap(res->start, resource_size(res));
if (info->fbmem == NULL) {
dev_err(dev, "cannot remap framebuffer\n");
+ ret = -ENXIO;
goto err_mem_res;
}
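Review bot: The added `ret = -ENXIO;` in the `info->fbmem == NULL` branch fixes the return value, but the commit message does not say why -ENXIO was chosen for an ioremap() failure. -ENOMEM is the more common code for a failed mapping, so if -ENXIO was picked to match the driver's other remap failure paths, say so in the message. The subject prefix also reads `m501fb:` while the file is sm501fb.c, which is worth correcting before it lands in the log.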
--
2.7.4
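
The failure mode described in the commit message above, as an added example that is not part of the original post and is not the driver's code. All names (dev_state, model_start, model_stop, probe_then_remove) are hypothetical; the model counts how often a release hits an already-released resource when the error path returns zero.

```c
#include <errno.h>
#include <stdbool.h>

/* Hypothetical stand-in for driver state; not the sm501fb structures. */
struct dev_state {
    bool regs_held;      /* resource acquired before the mapping step */
    int  double_release; /* releases that hit an already-released resource */
};

static void release_regs(struct dev_state *s)
{
    if (!s->regs_held)
        s->double_release++;   /* in a kernel this would be a double free */
    s->regs_held = false;
}

/* set_errno selects the patched behaviour: assign ret before the goto. */
static int model_start(struct dev_state *s, bool map_fails, bool set_errno)
{
    int ret = 0;

    s->regs_held = true;
    if (map_fails) {
        if (set_errno)
            ret = -ENXIO;
        goto err_release;
    }
    return 0;

err_release:
    release_regs(s);
    return ret;                /* still 0 when set_errno is false */
}

static void model_stop(struct dev_state *s)
{
    release_regs(s);
}

/* Caller logic: tear down with stop() only if start() reported success. */
static int probe_then_remove(bool map_fails, bool set_errno)
{
    struct dev_state s = { false, 0 };

    if (model_start(&s, map_fails, set_errno) == 0)
        model_stop(&s);
    return s.double_release;
}

int main(void) { return probe_then_remove(true, true); }
```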
* [PATCH] m501fb: don't return zero on failure path in sm501fb_start()
From: Alexey Khoroshilov @ 2017-04-29 19:33 UTC (permalink / raw)
To: Bartlomiej Zolnierkiewicz, Tomi Valkeinen
Cc: Alexey Khoroshilov, linux-fbdev, linux-kernel, ldv-project
If fbmem iomemory mapping failed, sm501fb_start() breaks off
initialization, deallocates resources, but returns zero.
As a result, double deallocation can happen in sm501fb_stop().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
drivers/video/fbdev/sm501fb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/sm501fb.c b/drivers/video/fbdev/sm501fb.c
index d80bc8a3200f..67e314fdd947 100644
--- a/drivers/video/fbdev/sm501fb.c
+++ b/drivers/video/fbdev/sm501fb.c
@@ -1600,6 +1600,7 @@ static int sm501fb_start(struct sm501fb_info *info,
info->fbmem = ioremap(res->start, resource_size(res));
if (info->fbmem = NULL) {
dev_err(dev, "cannot remap framebuffer\n");
+ ret = -ENXIO;
goto err_mem_res;
}
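Review bot: The context line `if (info->fbmem = NULL) {` in this copy of the hunk is an assignment, not a comparison, and differs from the `== NULL` in the first posting of the same patch. As written the condition is always false and overwrites the pointer returned by ioremap(), so the branch with the new `ret = -ENXIO;` would never run. The line should read `if (info->fbmem == NULL) {` (or `if (!info->fbmem) {`), and the patch should be checked against the tree, since a mismatched context line will not apply.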
--
2.7.4
* Re: [PATCH] m501fb: don't return zero on failure path in sm501fb_start()
From: Bartlomiej Zolnierkiewicz @ 2017-05-02 11:29 UTC (permalink / raw)
To: Alexey Khoroshilov; +Cc: Tomi Valkeinen, linux-fbdev, linux-kernel, ldv-project
On Saturday, April 29, 2017 09:33:39 PM Alexey Khoroshilov wrote:
> If fbmem iomemory mapping failed, sm501fb_start() breaks off
> initialization, deallocates resources, but returns zero.
> As a result, double deallocation can happen in sm501fb_stop().
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Patch queued for 4.12, thanks.
Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics