Date: Thu, 25 May 2017 22:52:18 -0700
From: Christoph Hellwig
To: jeffy
Cc: Sean Paul, linux-kernel@vger.kernel.org, tfiga@chromium.org, Mark Yao, Heiko Stuebner, dri-devel@lists.freedesktop.org, linux-rockchip@lists.infradead.org, David Airlie, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] drm/rockchip: Don't allow zero sized gem buffer
Message-ID: <20170526055218.GA23802@infradead.org>
References: <1495521583-29151-1-git-send-email-jeffy.chen@rock-chips.com> <20170525153045.7svkkmfsqbqkfacp@art_vandelay> <59279331.3050402@rock-chips.com>
In-Reply-To: <59279331.3050402@rock-chips.com>

On Fri, May 26, 2017 at 10:30:09AM +0800, jeffy wrote:
> Hi Sean,
>
> On 05/25/2017 11:30 PM, Sean Paul wrote:
> > On Tue, May 23, 2017 at 02:39:43PM +0800, Jeffy Chen wrote:
> > > The system would crash when trying to alloc zero sized gem buffer:
> > > [ 6.712435] Unable to handle kernel NULL pointer dereference at virtual address 00000010 <--ZERO_SIZE_PTR
> > > ...
> > > [ 6.757502] PC is at sg_alloc_table_from_pages+0x170/0x1ec
> >
> > It's unfortunate that you didn't include the entire stack trace. From code
> > inspection, it seems like the 0 size comes from the fb_probe path? Is there
> > somewhere in the helpers that you could check the mode is sane so all drivers
> > can benefit?
>
> hmm, sorry, I was testing it on the chromeos 4.4 kernel, it turns out that we
> have a custom ioctl for userspace to create gem buffers (the same as exynos
> drm), which might get the 0 size.
>
> but on the upstream kernel, it could only be called by dumb_create, and the
> drm_mode_create_dumb_ioctl already did the size check.
>
> will resend this patch, and rewrite the commit message, thanks.

That suggests that this patch isn't needed at all.
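The following is an added illustration, not code from the patch, the Rockchip driver or anyone in the thread. It models in user space why the oops above faults at address 0x10: a zero-byte kernel allocation does not return NULL but the ZERO_SIZE_PTR sentinel ((void *)16), so a plain NULL check lets it through and the first field access dereferences 0x10. The check modelled here is the kind of size validation the thread credits drm_mode_create_dumb_ioctl with doing before any driver hook runs; the fake allocator, the 4 KiB PAGE_SIZE and the gem_create_check() / unchecked_create_would_fault() helpers are simplifications constructed for this example, not kernel APIs.

```c
/* Added example (not from the patch or the thread): a user-space model of why
 * a zero-sized GEM allocation must be rejected before any allocator is called.
 * The kernel's kmalloc(0) returns ZERO_SIZE_PTR, (void *)16, rather than NULL;
 * it passes a NULL check and then faults at 0x10, the address in the quoted
 * oops. PAGE_SIZE, model_kmalloc() and the gem_* helpers are constructed for
 * illustration only. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE 4096UL
#define ZERO_SIZE_PTR ((void *)16)   /* same sentinel value Linux uses */

/* Model of kmalloc(): a zero-byte request yields the sentinel, not NULL. */
static void *model_kmalloc(size_t n)
{
	if (n == 0)
		return ZERO_SIZE_PTR;
	return malloc(n);
}

/* Model of the validation a generic dumb-buffer ioctl performs before the
 * driver's create hook runs: reject zero, and reject sizes whose page
 * rounding would wrap. Returns 0 on success and -EINVAL otherwise, writing
 * the page-rounded size to *rounded on success. */
int gem_create_check(uint64_t requested, uint64_t *rounded)
{
	if (requested == 0)
		return -EINVAL;
	/* PAGE_ALIGN-style rounding must not overflow. */
	if (requested > UINT64_MAX - (PAGE_SIZE - 1))
		return -EINVAL;
	*rounded = (requested + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
	return 0;
}

/* Convenience wrappers for callers interested in only one of the results. */
int gem_size_status(uint64_t requested)
{
	uint64_t r = 0;
	return gem_create_check(requested, &r);
}

uint64_t gem_size_rounded(uint64_t requested)
{
	uint64_t r = 0;
	return gem_create_check(requested, &r) == 0 ? r : 0;
}

/* A pointer is safe to dereference only if it is neither NULL nor the
 * ZERO_SIZE_PTR sentinel that a NULL check alone lets through. */
int ptr_is_usable(const void *p)
{
	return p != NULL && p != ZERO_SIZE_PTR;
}

/* Unchecked path, like the custom ioctl described in the thread that handed
 * the user-supplied size straight to the allocator. Returns 1 if the object
 * would have been dereferenced despite being the sentinel, 0 otherwise. */
int unchecked_create_would_fault(uint64_t requested)
{
	void *obj = model_kmalloc((size_t)requested);
	if (obj == NULL)
		return 0;           /* the only check the unchecked path had */
	int fault = !ptr_is_usable(obj);
	if (!fault)
		free(obj);
	return fault;
}

int main(void)
{
	printf("gem_size_status(0)    -> %d\n", gem_size_status(0));
	printf("gem_size_rounded(4097) -> %llu\n",
	       (unsigned long long)gem_size_rounded(4097));
	printf("unchecked create of size 0 would fault: %d\n",
	       unchecked_create_would_fault(0));
	return 0;
}
```

The point of the model is that the NULL check in the unchecked path is not a size check: the sentinel is deliberately non-NULL so that freeing it is harmless, which is exactly why the fault surfaces later, inside sg_alloc_table_from_pages in the quoted oops, rather than at the allocation site. Validating the size once at the ioctl boundary, as the generic dumb-buffer path does, keeps every driver behind it from having to repeat the check.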