LinuxLists.cc - [PATCH] drm/gma500: Fix end of loop tests for list_for_each

2021-07-09 07:40:55

Subject: [PATCH] drm/gma500: Fix end of loop tests for list_for_each_entry

The list_for_each_entry() iterator, "connector" in this code, can never be
NULL. If we exit the loop without finding the correct connector then
"connector" points invalid memory that is an offset from the list head.
This will eventually lead to memory corruption and presumably a kernel
crash.

Fixes: 9bd81acdb648 ("gma500: Convert Oaktrail to work with new output handling")
Signed-off-by: Harshvardhan Jha <[email protected]>
---
From static analysis. Not tested.
---
drivers/gpu/drm/gma500/oaktrail_lvds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds.c b/drivers/gpu/drm/gma500/oaktrail_lvds.c
index 432bdcc57ac9..a1332878857b 100644
--- a/drivers/gpu/drm/gma500/oaktrail_lvds.c
+++ b/drivers/gpu/drm/gma500/oaktrail_lvds.c
@@ -117,7 +117,7 @@ static void oaktrail_lvds_mode_set(struct drm_encoder *encoder,
continue;
}

- if (!connector) {
+ if (list_entry_is_head(connector, &mode_config->connector_list, head)) {
DRM_ERROR("Couldn't find connector when setting mode");
gma_power_end(dev);
return;
--
2.32.0

2021-07-09 08:08:34

by Daniel Vetter

[permalink] [raw]

Subject: Re: [PATCH] drm/gma500: Fix end of loop tests for list_for_each_entry

On Fri, Jul 09, 2021 at 01:09:59PM +0530, Harshvardhan Jha wrote:
> The list_for_each_entry() iterator, "connector" in this code, can never be
> NULL. If we exit the loop without finding the correct connector then
> "connector" points invalid memory that is an offset from the list head.
> This will eventually lead to memory corruption and presumably a kernel
> crash.
>
> Fixes: 9bd81acdb648 ("gma500: Convert Oaktrail to work with new output handling")
> Signed-off-by: Harshvardhan Jha <[email protected]>
> ---

The space here before the --- tripped the tooling, but I caught it :-)

Thanks for the patch, applied to drm-misc-next for 5.15.
-Daniel

> From static analysis. Not tested.
> ---
> drivers/gpu/drm/gma500/oaktrail_lvds.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/gma500/oaktrail_lvds.c b/drivers/gpu/drm/gma500/oaktrail_lvds.c
> index 432bdcc57ac9..a1332878857b 100644
> --- a/drivers/gpu/drm/gma500/oaktrail_lvds.c
> +++ b/drivers/gpu/drm/gma500/oaktrail_lvds.c
> @@ -117,7 +117,7 @@ static void oaktrail_lvds_mode_set(struct drm_encoder *encoder,
> continue;
> }
>
> - if (!connector) {
> + if (list_entry_is_head(connector, &mode_config->connector_list, head)) {
> DRM_ERROR("Couldn't find connector when setting mode");
> gma_power_end(dev);
> return;
> --
> 2.32.0
>

--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch