From: Akhil P Oommen <akhilpo@codeaurora.org>
To: freedreno <freedreno@lists.freedesktop.org>, dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org, Rob Clark <robdclark@gmail.com>
Cc: Jonathan Marek <jonathan@marek.ca>, David Airlie <airlied@linux.ie>, linux-kernel@vger.kernel.org, Douglas Anderson <dianders@chromium.org>, Jordan Crouse <jordan@cosmicpenguin.net>, Matthias Kaehlcke <mka@chromium.org>, Sean Paul <sean@poorly.run>
Subject: [PATCH 2/4] drm/msm: Fix null ptr access msm_ioctl_gem_submit()
Date: Thu, 18 Nov 2021 15:50:30 +0530
Message-ID: <20211118154903.2.I3ae019673a0cc45d83a193a7858748dd03dbb820@changeid>
In-Reply-To: <20211118154903.1.I2ed37cd8ad45a5a94d9de53330f973a62bd1fb29@changeid>

Fix the below null pointer dereference in msm_ioctl_gem_submit():

 26545.260705: Call trace:
 26545.263223: kref_put+0x1c/0x60
 26545.266452: msm_ioctl_gem_submit+0x254/0x744
 26545.270937: drm_ioctl_kernel+0xa8/0x124
 26545.274976: drm_ioctl+0x21c/0x33c
 26545.278478: drm_compat_ioctl+0xdc/0xf0
 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100
 26545.287169: el0_svc_common+0xf8/0x250
 26545.291025: do_el0_svc_compat+0x28/0x54
 26545.295066: el0_svc_compat+0x10/0x1c
 26545.298838: el0_sync_compat_handler+0xa8/0xcc
 26545.303403: el0_sync_compat+0x188/0x1c0
 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008)
 26545.318799: Kernel panic - not syncing: Oops: Fatal exception

Signed-off-by: Akhil P Oommen <akhilpo@codeaurora.org>
---
 drivers/gpu/drm/msm/msm_gem_submit.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index 151d19e..bf95b81 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -780,6 +780,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data, args->nr_cmds); if (IS_ERR(submit)) { ret = PTR_ERR(submit); + submit = NULL; goto out_unlock; } -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation.
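Review bot: In the IS_ERR(submit) branch, the added "submit = NULL;" is correct only if the cleanup reached through out_unlock skips a NULL submit, and neither the hunk nor the commit message says so. The message also calls this a null pointer access, while the value left in submit on this path is the ERR_PTR-encoded error that was just decoded with PTR_ERR(), which is what ends up in kref_put() in the posted trace. Consider saying in the message that submit holds an error pointer when the goto is taken, adding a Fixes: tag for the commit that introduced the put on the out_unlock path, and either putting a one-line comment above the assignment or jumping to a label that never touches submit, so the error path does not depend on resetting the variable.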