drm/radeon: fix a potential NULL pointer dereference
diff mbox series

Message ID 1568824282-4081-1-git-send-email-allen.pais@oracle.com
State New
Headers show
Series
  • drm/radeon: fix a potential NULL pointer dereference
Related show

Commit Message

Allen Sept. 18, 2019, 4:31 p.m. UTC
alloc_workqueue is not checked for errors and as a result,
a potential NULL dereference could occur.

Signed-off-by: Allen Pais <allen.pais@oracle.com>
---
 drivers/gpu/drm/radeon/radeon_display.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Michel Dänzer Sept. 19, 2019, 5:11 p.m. UTC | #1
On 2019-09-18 6:31 p.m., Allen Pais wrote:
> alloc_workqueue is not checked for errors and as a result,
> a potential NULL dereference could occur.
> 
> Signed-off-by: Allen Pais <allen.pais@oracle.com>
> ---
>  drivers/gpu/drm/radeon/radeon_display.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
> index bd52f15..1a41764 100644
> --- a/drivers/gpu/drm/radeon/radeon_display.c
> +++ b/drivers/gpu/drm/radeon/radeon_display.c
> @@ -683,6 +683,10 @@ static void radeon_crtc_init(struct drm_device *dev, int index)
>  	drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256);
>  	radeon_crtc->crtc_id = index;
>  	radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0);
> +	if (unlikely(!radeon_crtc->flip_queue)) {
> +		kfree(radeon_crtc);
> +		return;
> +	}
>  	rdev->mode_info.crtcs[index] = radeon_crtc;
>  
>  	if (rdev->family >= CHIP_BONAIRE) {
> 

I'm afraid just silently leaving the CRTC uninitialized isn't a good way
to handle this. The failure would need to be propagated, probably
resulting in the driver aborting its initialization altogether.

Patch
diff mbox series

diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
index bd52f15..1a41764 100644
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -683,6 +683,10 @@  static void radeon_crtc_init(struct drm_device *dev, int index)
 	drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256);
 	radeon_crtc->crtc_id = index;
 	radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0);
+	if (unlikely(!radeon_crtc->flip_queue)) {
+		kfree(radeon_crtc);
+		return;
+	}
 	rdev->mode_info.crtcs[index] = radeon_crtc;
 
 	if (rdev->family >= CHIP_BONAIRE) {