* [PATCH 1/2] drm/msm: fix potential NULL dereference in cleanup
@ 2021-10-13 8:11 Dan Carpenter
2021-10-13 8:13 ` [PATCH 2/2] drm/msm: uninitialized variable in msm_gem_import() Dan Carpenter
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2021-10-13 8:11 UTC (permalink / raw)
To: Rob Clark
Cc: Sean Paul, David Airlie, Daniel Vetter, linux-arm-msm, dri-devel,
freedreno, kernel-janitors
The "msm_obj->node" list needs to be initialized earlier so that the
list_del() in msm_gem_free_object() doesn't experience a NULL pointer
dereference.
Fixes: 6ed0897cd800 ("drm/msm: Fix debugfs deadlock")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/gpu/drm/msm/msm_gem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c
index 40a9863f5951..49185d524be3 100644
--- a/drivers/gpu/drm/msm/msm_gem.c
+++ b/drivers/gpu/drm/msm/msm_gem.c
@@ -1132,6 +1132,7 @@ static int msm_gem_new_impl(struct drm_device *dev,
msm_obj->flags = flags;
msm_obj->madv = MSM_MADV_WILLNEED;
+ INIT_LIST_HEAD(&msm_obj->node);
INIT_LIST_HEAD(&msm_obj->vmas);
*obj = &msm_obj->base;
--
2.20.1
^ permalink raw reply related [flat|nested] 2+ messages in thread* [PATCH 2/2] drm/msm: uninitialized variable in msm_gem_import() 2021-10-13 8:11 [PATCH 1/2] drm/msm: fix potential NULL dereference in cleanup Dan Carpenter @ 2021-10-13 8:13 ` Dan Carpenter 0 siblings, 0 replies; 2+ messages in thread From: Dan Carpenter @ 2021-10-13 8:13 UTC (permalink / raw) To: Rob Clark Cc: Sean Paul, David Airlie, Daniel Vetter, David Brown, linux-arm-msm, dri-devel, freedreno, kernel-janitors The msm_gem_new_impl() function cleans up after itself so there is no need to call drm_gem_object_put(). Conceptually, it does not make sense to call a kref_put() function until after the reference counting has been initialized which happens immediately after this call in the drm_gem_(private_)object_init() functions. In the msm_gem_import() function the "obj" pointer is uninitialized, so it will lead to a crash. Fixes: 05b849111c07 ("drm/msm: prime support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/gpu/drm/msm/msm_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 49185d524be3..0e491cd21c53 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -1167,7 +1167,7 @@ struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32 ret = msm_gem_new_impl(dev, size, flags, &obj); if (ret) - goto fail; + return ERR_PTR(ret); msm_obj = to_msm_bo(obj); @@ -1251,7 +1251,7 @@ struct drm_gem_object *msm_gem_import(struct drm_device *dev, ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj); if (ret) - goto fail; + return ERR_PTR(ret); drm_gem_private_object_init(dev, obj, size); -- 2.20.1 ^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-13 8:13 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-13 8:11 [PATCH 1/2] drm/msm: fix potential NULL dereference in cleanup Dan Carpenter 2021-10-13 8:13 ` [PATCH 2/2] drm/msm: uninitialized variable in msm_gem_import() Dan Carpenter
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).