From: Akhil P Oommen <akhilpo@codeaurora.org>
To: freedreno <freedreno@lists.freedesktop.org>,
dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org,
Rob Clark <robdclark@gmail.com>
Cc: Douglas Anderson <dianders@chromium.org>,
Jordan Crouse <jordan@cosmicpenguin.net>,
Matthias Kaehlcke <mka@chromium.org>,
Jonathan Marek <jonathan@marek.ca>,
Daniel Vetter <daniel@ffwll.ch>, David Airlie <airlied@linux.ie>,
Sean Paul <sean@poorly.run>,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/6] drm/msm: Fix null ptr dereference in msm_ioctl_gem_submit()
Date: Wed, 24 Nov 2021 02:47:51 +0530 [thread overview]
Message-ID: <20211124024436.v2.2.I3ae019673a0cc45d83a193a7858748dd03dbb820@changeid> (raw)
In-Reply-To: <20211124024436.v2.1.I2ed37cd8ad45a5a94d9de53330f973a62bd1fb29@changeid>
Fix the below null pointer dereference in msm_ioctl_gem_submit():
26545.260705: Call trace:
26545.263223: kref_put+0x1c/0x60
26545.266452: msm_ioctl_gem_submit+0x254/0x744
26545.270937: drm_ioctl_kernel+0xa8/0x124
26545.274976: drm_ioctl+0x21c/0x33c
26545.278478: drm_compat_ioctl+0xdc/0xf0
26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100
26545.287169: el0_svc_common+0xf8/0x250
26545.291025: do_el0_svc_compat+0x28/0x54
26545.295066: el0_svc_compat+0x10/0x1c
26545.298838: el0_sync_compat_handler+0xa8/0xcc
26545.303403: el0_sync_compat+0x188/0x1c0
26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008)
26545.313703: ---[ end trace 5c93eb55e485b259 ]---
26545.318799: Kernel panic - not syncing: Oops: Fatal exception
Signed-off-by: Akhil P Oommen <akhilpo@codeaurora.org>
---
(no changes since v1)
drivers/gpu/drm/msm/msm_gem_submit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index ac23bbd..88a6cd5 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -780,6 +780,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
args->nr_cmds);
if (IS_ERR(submit)) {
ret = PTR_ERR(submit);
+ submit = NULL;
goto out_unlock;
}
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
of Code Aurora Forum, hosted by The Linux Foundation.
WARNING: multiple messages have this Message-ID (diff)
From: Akhil P Oommen <akhilpo@codeaurora.org>
To: freedreno <freedreno@lists.freedesktop.org>,
dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org,
Rob Clark <robdclark@gmail.com>
Cc: Jonathan Marek <jonathan@marek.ca>,
David Airlie <airlied@linux.ie>,
linux-kernel@vger.kernel.org,
Douglas Anderson <dianders@chromium.org>,
Jordan Crouse <jordan@cosmicpenguin.net>,
Matthias Kaehlcke <mka@chromium.org>, Sean Paul <sean@poorly.run>
Subject: [PATCH v2 2/6] drm/msm: Fix null ptr dereference in msm_ioctl_gem_submit()
Date: Wed, 24 Nov 2021 02:47:51 +0530 [thread overview]
Message-ID: <20211124024436.v2.2.I3ae019673a0cc45d83a193a7858748dd03dbb820@changeid> (raw)
In-Reply-To: <20211124024436.v2.1.I2ed37cd8ad45a5a94d9de53330f973a62bd1fb29@changeid>
Fix the below null pointer dereference in msm_ioctl_gem_submit():
26545.260705: Call trace:
26545.263223: kref_put+0x1c/0x60
26545.266452: msm_ioctl_gem_submit+0x254/0x744
26545.270937: drm_ioctl_kernel+0xa8/0x124
26545.274976: drm_ioctl+0x21c/0x33c
26545.278478: drm_compat_ioctl+0xdc/0xf0
26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100
26545.287169: el0_svc_common+0xf8/0x250
26545.291025: do_el0_svc_compat+0x28/0x54
26545.295066: el0_svc_compat+0x10/0x1c
26545.298838: el0_sync_compat_handler+0xa8/0xcc
26545.303403: el0_sync_compat+0x188/0x1c0
26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008)
26545.313703: ---[ end trace 5c93eb55e485b259 ]---
26545.318799: Kernel panic - not syncing: Oops: Fatal exception
Signed-off-by: Akhil P Oommen <akhilpo@codeaurora.org>
---
(no changes since v1)
drivers/gpu/drm/msm/msm_gem_submit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index ac23bbd..88a6cd5 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -780,6 +780,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
args->nr_cmds);
if (IS_ERR(submit)) {
ret = PTR_ERR(submit);
+ submit = NULL;
goto out_unlock;
}
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
of Code Aurora Forum, hosted by The Linux Foundation.
next prev parent reply other threads:[~2021-11-23 21:21 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-23 21:17 [PATCH v2 1/6] drm/msm: Increase gpu boost interval Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen [this message]
2021-11-23 21:17 ` [PATCH v2 2/6] drm/msm: Fix null ptr dereference in msm_ioctl_gem_submit() Akhil P Oommen
2021-11-23 21:17 ` [PATCH v2 3/6] drm/msm/a6xx: Fix smatch warning for gpu_scid Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen
2021-11-23 21:17 ` [PATCH v2 4/6] drm/msm/a6xx: Capture gmu log in devcoredump Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen
2021-11-23 23:03 ` Bjorn Andersson
2021-11-23 23:03 ` Bjorn Andersson
2021-11-24 10:20 ` Akhil P Oommen
2021-11-24 10:20 ` Akhil P Oommen
2021-11-23 21:17 ` [PATCH v2 5/6] drm/msm: Add a module param to force coredump Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen
2021-11-23 21:17 ` [PATCH v2 6/6] drm/msm/a6xx: Add a few gmu buffers to coredump Akhil P Oommen
2021-11-23 21:17 ` Akhil P Oommen
2021-11-23 21:36 ` Akhil P Oommen
2021-11-23 21:36 ` Akhil P Oommen
2021-11-24 8:12 ` kernel test robot
2021-11-24 8:12 ` kernel test robot
2021-11-24 8:12 ` kernel test robot
2021-11-24 12:28 ` kernel test robot
2021-11-24 12:28 ` kernel test robot
2021-11-24 12:28 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211124024436.v2.2.I3ae019673a0cc45d83a193a7858748dd03dbb820@changeid \
--to=akhilpo@codeaurora.org \
--cc=airlied@linux.ie \
--cc=daniel@ffwll.ch \
--cc=dianders@chromium.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=freedreno@lists.freedesktop.org \
--cc=jonathan@marek.ca \
--cc=jordan@cosmicpenguin.net \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mka@chromium.org \
--cc=robdclark@gmail.com \
--cc=sean@poorly.run \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.