Subject: Re: [PATCH v1] drm/simple_kms_helper: Fix NULL pointer dereference with no active CRTC
To: Oleksandr Andrushchenko, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, daniel.vetter@intel.com, airlied@linux.ie
References: <1519279759-7803-1-git-send-email-andr2000@gmail.com> <1f051697-468d-76b9-a2be-16a281f57249@epam.com> <20180222161128.GC6419@phenom.ffwll.local>
From: Oleksandr Andrushchenko
Date: Thu, 22 Feb 2018 19:16:01 +0200
In-Reply-To: <20180222161128.GC6419@phenom.ffwll.local>
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/22/2018 06:11 PM, Daniel Vetter wrote:
> On Thu, Feb 22, 2018 at 08:12:48AM +0200, Oleksandr Andrushchenko wrote:
>> On 02/22/2018 08:09 AM, Oleksandr Andrushchenko wrote:
>>> From: Oleksandr Andrushchenko >>> >>> It is possible that drm_simple_kms_plane_atomic_check called >>> with no CRTC set, e.g. when user-space application sets CRTC_ID/FB_ID >>> to 0 before doing any actual drawing. This leads to NULL pointer >>> dereference because in this case new CRTC state is NULL and must be >>> checked before accessing. >>> >>> Signed-off-by: Oleksandr Andrushchenko >>> Reviewed-by: Daniel Vetter >>> >>> --- >>> Changes since initial: >>> - re-worked checks for null CRTC as suggested by Daniel Vetter >>> --- >>> drivers/gpu/drm/drm_simple_kms_helper.c | 10 +++------- >>> 1 file changed, 3 insertions(+), 7 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/drm_simple_kms_helper.c b/drivers/gpu/drm/drm_simple_kms_helper.c >>> index 9ca8a4a59b74..4a1dbd88b1ec 100644 >>> --- a/drivers/gpu/drm/drm_simple_kms_helper.c >>> +++ b/drivers/gpu/drm/drm_simple_kms_helper.c >>> @@ -121,12 +121,6 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane, >>> pipe = container_of(plane, struct drm_simple_display_pipe, plane); >>> crtc_state = drm_atomic_get_new_crtc_state(plane_state->state, >>> &pipe->crtc); >>> - if (!crtc_state->enable) >>> - return 0; /* nothing to check when disabling or disabled */ >>> - >>> - if (crtc_state->enable) >>> - drm_mode_get_hv_timing(&crtc_state->mode, >>> - &clip.x2, &clip.y2); >>> ret = drm_atomic_helper_check_plane_state(plane_state, crtc_state, >>> &clip, 
>>> @@ -137,7 +131,9 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane, >>> return ret; >>> if (!plane_state->visible) >>> - return -EINVAL; >> Daniel, I have put your R-b tag, but I had removed suggested >> "WARN_ON(crtc_state && crtc_state->enable);" >> here as it fires each time when crtc_state is not NULL. >> Please let me know if this is not ok and you want me to remove >> your R-b tag. > I'm a bit confused why that fires, but oh well. Applied, thanks for your > patch. Thank you > -Daniel > >>> + return 0; >>> + >>> + drm_mode_get_hv_timing(&crtc_state->mode, &clip.x2, &clip.y2); >>> if (!pipe->funcs || !pipe->funcs->check) >>> return 0; >> Thank you, >> Oleksandr >> _______________________________________________ >> dri-devel mailing list >> dri-devel@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/dri-devel
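Review bot: in the first hunk (@@ -121,12 +121,6 @@), with the `if (!crtc_state->enable)` early return removed, `crtc_state` is passed straight to `drm_atomic_helper_check_plane_state()` even though the commit message says it can be NULL at this point. The fix therefore depends on that helper accepting a NULL CRTC state, which cannot be confirmed from these lines; a one-line comment above the call stating that assumption would keep a later change from reintroducing the dereference. The same call still takes `&clip`, but the `drm_mode_get_hv_timing()` call that filled `clip.x2`/`clip.y2` from the mode no longer runs before it, so please say in the commit message whether the helper still needs the caller's clip rectangle.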
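Review bot: in the second hunk (@@ -137,7 +131,9 @@), the added `drm_mode_get_hv_timing(&crtc_state->mode, &clip.x2, &clip.y2);` dereferences `crtc_state` with no NULL check; it is safe only if `plane_state->visible` can never be true when the new CRTC state is NULL. That invariant carries the whole fix, so it deserves a comment next to `if (!plane_state->visible)`, or an explicit `crtc_state` test before the call. Two further points: the return value for an invisible plane changes from `-EINVAL` to `0`, which the commit message does not mention, and nothing in the visible lines reads `clip` after this late timing call, so it is unclear what the call is for in its new position.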