2019-09-18 17:40:53

by Allen

Subject: [PATCH] drm/radeon: fix a potential NULL pointer dereference

alloc_workqueue is not checked for errors and as a result,
a potential NULL dereference could occur.

Signed-off-by: Allen Pais <[email protected]>
---
drivers/gpu/drm/radeon/radeon_display.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
index bd52f15..1a41764 100644
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -683,6 +683,10 @@ static void radeon_crtc_init(struct drm_device *dev, int index)
drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256);
radeon_crtc->crtc_id = index;
radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0);
+ if (unlikely(!radeon_crtc->flip_queue)) {
+ kfree(radeon_crtc);
+ return;
+ }
rdev->mode_info.crtcs[index] = radeon_crtc;

if (rdev->family >= CHIP_BONAIRE) {
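
Review bot: The added `return;` leaves rdev->mode_info.crtcs[index] unassigned, and because radeon_crtc_init() is declared `static void` the caller has no way to learn that this CRTC was never set up. Any later code that walks mode_info.crtcs[] would have to cope with a missing entry for this index. Consider making the function return int, returning -ENOMEM from this branch, and having the caller unwind on error. The unlikely() annotation is also unnecessary here, since this is a one-time init path rather than a hot path.
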
--
1.9.1


2019-09-19 23:44:15

by Michel Dänzer

Subject: Re: [PATCH] drm/radeon: fix a potential NULL pointer dereference

On 2019-09-18 6:31 p.m., Allen Pais wrote:
> alloc_workqueue is not checked for errors and as a result,
> a potential NULL dereference could occur.
>
> Signed-off-by: Allen Pais <[email protected]>
> ---
> drivers/gpu/drm/radeon/radeon_display.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
> index bd52f15..1a41764 100644
> --- a/drivers/gpu/drm/radeon/radeon_display.c
> +++ b/drivers/gpu/drm/radeon/radeon_display.c
> @@ -683,6 +683,10 @@ static void radeon_crtc_init(struct drm_device *dev, int index)
> drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256);
> radeon_crtc->crtc_id = index;
> radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0);
> + if (unlikely(!radeon_crtc->flip_queue)) {
> + kfree(radeon_crtc);
> + return;
> + }
> rdev->mode_info.crtcs[index] = radeon_crtc;
>
> if (rdev->family >= CHIP_BONAIRE) {
>
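
Review bot: The `kfree(radeon_crtc);` in the added error branch runs after `&radeon_crtc->base` has already been handed to drm_mode_crtc_set_gamma_size(), so the structure is no longer a bare allocation at this point. Freeing it directly risks leaving whatever was set up on the base CRTC earlier in the function either unreleased or still referenced elsewhere. Either move the alloc_workqueue() call and its check ahead of any setup on radeon_crtc->base, or undo that setup before the kfree().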

I'm afraid just silently leaving the CRTC uninitialized isn't a good way
to handle this. The failure would need to be propagated, probably
resulting in the driver aborting its initialization altogether.


--
Earthling Michel Dänzer | https://redhat.com
Libre software enthusiast | Mesa and X developer