nouveau.lists.freedesktop.org archive mirror
 help / color / mirror / Atom feed
* [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
@ 2021-06-16 22:50 Yizhuo Zhai
  2021-11-13 20:21 ` Karol Herbst
  0 siblings, 1 reply; 4+ messages in thread
From: Yizhuo Zhai @ 2021-06-16 22:50 UTC (permalink / raw)
  To: bskeggs, David Airlie, Daniel Vetter, dri-devel, nouveau, linux-kernel

In function nvkm_ioctl_map(), the variable "type" could be
uninitialized if "nvkm_object_map()" returns error code,
however, it does not check the return value and directly
use the "type" in the if statement, which is potentially
unsafe.

Signed-off-by: Yizhuo <yzhai003@ucr.edu>
---
 drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
index d777df5a64e6..7f2e8482f167 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
@@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
                ret = nvkm_object_map(object, data, size, &type,
                                      &args->v0.handle,
                                      &args->v0.length);
+               if (ret)
+                       return ret;
                if (type == NVKM_OBJECT_MAP_IO)
                        args->v0.type = NVIF_IOCTL_MAP_V0_IO;
                else
-- 
2.17.1
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
  2021-06-16 22:50 [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map() Yizhuo Zhai
@ 2021-11-13 20:21 ` Karol Herbst
  2021-11-16  5:58   ` Yizhuo Zhai
  0 siblings, 1 reply; 4+ messages in thread
From: Karol Herbst @ 2021-11-13 20:21 UTC (permalink / raw)
  To: Yizhuo Zhai
  Cc: David Airlie, nouveau, LKML, dri-devel, Ben Skeggs, Daniel Vetter

something seems to have messed with the patch so it doesn't apply correctly.

On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003@ucr.edu> wrote:
>
> In function nvkm_ioctl_map(), the variable "type" could be
> uninitialized if "nvkm_object_map()" returns error code,
> however, it does not check the return value and directly
> use the "type" in the if statement, which is potentially
> unsafe.
>
> Signed-off-by: Yizhuo <yzhai003@ucr.edu>
> ---
>  drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> index d777df5a64e6..7f2e8482f167 100644
> --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
>                 ret = nvkm_object_map(object, data, size, &type,
>                                       &args->v0.handle,
>                                       &args->v0.length);
> +               if (ret)
> +                       return ret;
>                 if (type == NVKM_OBJECT_MAP_IO)
>                         args->v0.type = NVIF_IOCTL_MAP_V0_IO;
>                 else
> --
> 2.17.1
>


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
  2021-11-13 20:21 ` Karol Herbst
@ 2021-11-16  5:58   ` Yizhuo Zhai
  2021-11-16 11:09     ` Karol Herbst
  0 siblings, 1 reply; 4+ messages in thread
From: Yizhuo Zhai @ 2021-11-16  5:58 UTC (permalink / raw)
  To: Karol Herbst
  Cc: David Airlie, nouveau, LKML, dri-devel, Ben Skeggs, Daniel Vetter

Hi Karol:
Thanks for the feedback, the patch might be too old to apply to the
latest code tree. Let me check and get back to you soon.

On Sat, Nov 13, 2021 at 12:22 PM Karol Herbst <kherbst@redhat.com> wrote:
>
> something seems to have messed with the patch so it doesn't apply correctly.
>
> On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003@ucr.edu> wrote:
> >
> > In function nvkm_ioctl_map(), the variable "type" could be
> > uninitialized if "nvkm_object_map()" returns error code,
> > however, it does not check the return value and directly
> > use the "type" in the if statement, which is potentially
> > unsafe.
> >
> > Signed-off-by: Yizhuo <yzhai003@ucr.edu>
> > ---
> >  drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > index d777df5a64e6..7f2e8482f167 100644
> > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
> >                 ret = nvkm_object_map(object, data, size, &type,
> >                                       &args->v0.handle,
> >                                       &args->v0.length);
> > +               if (ret)
> > +                       return ret;
> >                 if (type == NVKM_OBJECT_MAP_IO)
> >                         args->v0.type = NVIF_IOCTL_MAP_V0_IO;
> >                 else
> > --
> > 2.17.1
> >
>


-- 
Kind Regards,

Yizhuo Zhai

Computer Science, Graduate Student
University of California, Riverside

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
  2021-11-16  5:58   ` Yizhuo Zhai
@ 2021-11-16 11:09     ` Karol Herbst
  0 siblings, 0 replies; 4+ messages in thread
From: Karol Herbst @ 2021-11-16 11:09 UTC (permalink / raw)
  To: Yizhuo Zhai
  Cc: David Airlie, nouveau, LKML, dri-devel, Ben Skeggs, Daniel Vetter

On Tue, Nov 16, 2021 at 6:58 AM Yizhuo Zhai <yzhai003@ucr.edu> wrote:
>
> Hi Karol:
> Thanks for the feedback, the patch might be too old to apply to the
> latest code tree. Let me check and get back to you soon.
>

sorry, that's not what I meant. It used whitespaces instead of tabs
and the headers were also a bit broken. I just suspect that when
sending it something went wrong or so.

> On Sat, Nov 13, 2021 at 12:22 PM Karol Herbst <kherbst@redhat.com> wrote:
> >
> > something seems to have messed with the patch so it doesn't apply correctly.
> >
> > On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003@ucr.edu> wrote:
> > >
> > > In function nvkm_ioctl_map(), the variable "type" could be
> > > uninitialized if "nvkm_object_map()" returns error code,
> > > however, it does not check the return value and directly
> > > use the "type" in the if statement, which is potentially
> > > unsafe.
> > >
> > > Signed-off-by: Yizhuo <yzhai003@ucr.edu>
> > > ---
> > >  drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++
> > >  1 file changed, 2 insertions(+)
> > >
> > > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > > index d777df5a64e6..7f2e8482f167 100644
> > > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c
> > > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client,
> > >                 ret = nvkm_object_map(object, data, size, &type,
> > >                                       &args->v0.handle,
> > >                                       &args->v0.length);
> > > +               if (ret)
> > > +                       return ret;
> > >                 if (type == NVKM_OBJECT_MAP_IO)
> > >                         args->v0.type = NVIF_IOCTL_MAP_V0_IO;
> > >                 else
> > > --
> > > 2.17.1
> > >
> >
>
>
> --
> Kind Regards,
>
> Yizhuo Zhai
>
> Computer Science, Graduate Student
> University of California, Riverside
>


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-11-22 21:52 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 22:50 [Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map() Yizhuo Zhai
2021-11-13 20:21 ` Karol Herbst
2021-11-16  5:58   ` Yizhuo Zhai
2021-11-16 11:09     ` Karol Herbst

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).