* [PATCH] In function nvkm_ioctl_map(), the variable "type" could be uninitialized if "nvkm_object_map()" returns error code, however, it does not check the return value and directly use the "type" in the if statement, which is potentially unsafe.
@ 2021-11-16 7:07 Yizhuo Zhai
2021-11-16 7:07 ` Yizhuo Zhai
2021-11-16 21:17 ` Lyude Paul
0 siblings, 2 replies; 4+ messages in thread
From: Yizhuo Zhai @ 2021-11-16 7:07 UTC
Cc: David Airlie, nouveau, linux-kernel, dri-devel, Yizhuo Zhai, Ben Skeggs
Fixes:01326050391ce("drm/nouveau/core/object: allow arguments to
be passed to map function")
Signed-off-by: Yizhuo Zhai <yzhai003@ucr.edu>
---
drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
index 735cb6816f10..4264d9d79783 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
@@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
ret = nvkm_object_map(object, data, size, &type,
&args->v0.handle,
&args->v0.length);
+ if (ret)
+ return ret;
if (type == NVKM_OBJECT_MAP_IO)
args->v0.type = NVIF_IOCTL_MAP_V0_IO;
else
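Review bot: the early return added after the nvkm_object_map() call exits before args->v0.type is assigned, so on failure that field keeps whatever the caller passed in, and anything further down nvkm_ioctl_map() is skipped too. If the rest of the function must still run on the error path, guard only the type test with `if (!ret)` around the `if (type == NVKM_OBJECT_MAP_IO)` / `else` pair; if returning here is intended, state that in the commit description.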
--
2.25.1
* [PATCH] In function nvkm_ioctl_map(), the variable "type" could be uninitialized if "nvkm_object_map()" returns error code, however, it does not check the return value and directly use the "type" in the if statement, which is potentially unsafe.
From: Yizhuo Zhai @ 2021-11-16 7:07 UTC
Cc: David Airlie, nouveau, linux-kernel, dri-devel, Yizhuo Zhai, Ben Skeggs
Fixes:01326050391ce("drm/nouveau/core/object: allow arguments to
be passed to map function")
Signed-off-by: Yizhuo Zhai <yzhai003@ucr.edu>
---
drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
index 735cb6816f10..4264d9d79783 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
@@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
ret = nvkm_object_map(object, data, size, &type,
&args->v0.handle,
&args->v0.length);
+ if (ret)
+ return ret;
if (type == NVKM_OBJECT_MAP_IO)
args->v0.type = NVIF_IOCTL_MAP_V0_IO;
else
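Review bot: the `if (ret)` check protects the `type == NVKM_OBJECT_MAP_IO` comparison only if every path through nvkm_object_map() that returns 0 has written through `&type`. Initializing `type` where it is declared, in addition to this check, would keep the comparison defined even if some implementation returns success without setting it.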
--
2.25.1
* Re: [PATCH] In function nvkm_ioctl_map(), the variable "type" could be uninitialized if "nvkm_object_map()" returns error code, however, it does not check the return value and directly use the "type" in the if statement, which is potentially unsafe.
From: Lyude Paul @ 2021-11-16 21:17 UTC
To: Yizhuo Zhai; +Cc: David Airlie, nouveau, linux-kernel, dri-devel, Ben Skeggs
This is a very long patch name, it should probably be shorter and the
details in the patch title moved into the actual commit description
instead. Also a couple of things aren't formatted correctly:
* Cc tag for stable is missing, see
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
* Fixes tag isn't formatted properly
I generally recommend using `dim fixes` from
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
in order to get the correct stable kernel CC tag and Fixes: tag (you can
drop any of the Ccs it gives you beyond the one to stable at vger dot
kernel dot org).
Also, if you could try to Cc: me on the next version - will help me
respond faster :).
On Mon, 2021-11-15 at 23:07 -0800, Yizhuo Zhai wrote:
> Fixes:01326050391ce("drm/nouveau/core/object: allow arguments to
> be passed to map function")
> Signed-off-by: Yizhuo Zhai <yzhai003@ucr.edu>
> ---
> drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> index 735cb6816f10..4264d9d79783 100644
> --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
> ret = nvkm_object_map(object, data, size, &type,
> &args->v0.handle,
> &args->v0.length);
> + if (ret)
> + return ret;
> if (type == NVKM_OBJECT_MAP_IO)
> args->v0.type = NVIF_IOCTL_MAP_V0_IO;
> else
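Review bot: nothing next to the new `if (ret)` check records the contract it depends on, namely that `type` is only meaningful when nvkm_object_map() returns 0. A sentence in the commit body naming the failing path that leaves `type` unwritten would let a reader confirm the uninitialized read without re-deriving it.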
--
Cheers,
Lyude Paul (she/her)
Software Engineer at Red Hat
* Re: [PATCH] In function nvkm_ioctl_map(), the variable "type" could be uninitialized if "nvkm_object_map()" returns error code, however, it does not check the return value and directly use the "type" in the if statement, which is potentially unsafe.
From: Yizhuo Zhai @ 2021-12-18 2:58 UTC
To: Lyude Paul
Cc: David Airlie, nouveau, Linux Kernel Mailing List, dri-devel, Ben Skeggs
Hi Lyude:
I appreciate your feedback and I misplaced the commit message to the
title, I have modified it and resent the patch.
I made my Linux development tree a mess, so I sent a brand new one
and cc'd you. Thanks again for your help :)
On Tue, Nov 16, 2021 at 1:18 PM Lyude Paul <lyude@redhat.com> wrote:
>
> This is a very long patch name, it should probably be shorter and the
> details in the patch title moved into the actual commit description
> instead. Also a couple of things aren't formatted correctly:
>
> * Cc tag for stable is missing, see
> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> * Fixes tag isn't formatted properly
>
> I generally recommend using `dim fixes` from
> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> in order to get the correct stable kernel CC tag and Fixes: tag (you can
> drop any of the Ccs it gives you beyond the one to stable at vger dot
> kernel dot org).
>
> Also, if you could try to Cc: me on the next version - will help me
> respond faster :).
>
> On Mon, 2021-11-15 at 23:07 -0800, Yizhuo Zhai wrote:
> > Fixes:01326050391ce("drm/nouveau/core/object: allow arguments to
> > be passed to map function")
> > Signed-off-by: Yizhuo Zhai <yzhai003@ucr.edu>
> > ---
> > drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > index 735cb6816f10..4264d9d79783 100644
> > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
> > ret = nvkm_object_map(object, data, size, &type,
> > &args->v0.handle,
> > &args->v0.length);
> > + if (ret)
> > + return ret;
> > if (type == NVKM_OBJECT_MAP_IO)
> > args->v0.type = NVIF_IOCTL_MAP_V0_IO;
> > else
>
> --
> Cheers,
> Lyude Paul (she/her)
> Software Engineer at Red Hat
>
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside