From: Sasha Levin
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ben Hutchings, Rob Clark, Sasha Levin
Subject: [PATCH AUTOSEL 4.9 75/98] drm/msm: Fix possible null dereference on failure of get_pages()
Date: Thu, 25 Oct 2018 10:14:00 -0400
Message-Id: <20181025141423.213774-75-sashal@kernel.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181025141423.213774-1-sashal@kernel.org>
References: <20181025141423.213774-1-sashal@kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ben Hutchings

[ Upstream commit 3976626ea3d2011f8fd3f3a47070a8b792018253 ]

Commit 62e3a3e342af changed get_pages() to initialise msm_gem_object::pages before trying to initialise msm_gem_object::sgt, so that put_pages() would properly clean up pages in the failure case.

However, this means that put_pages() now needs to check that msm_gem_object::sgt is not null before trying to clean it up, and this check was only applied to part of the cleanup code. Move it all into the conditional block. (Strictly speaking we don't need to make the kfree() conditional, but since we can't avoid checking for null ourselves we may as well do so.)

Fixes: 62e3a3e342af ("drm/msm: fix leak in failed get_pages")
Signed-off-by: Ben Hutchings
Reviewed-by: Jordan Crouse
Signed-off-by: Rob Clark
Signed-off-by: Sasha Levin
---
 drivers/gpu/drm/msm/msm_gem.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 7145127513c4..795660e29b2c 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c
@@ -118,17 +118,19 @@ static void put_pages(struct drm_gem_object *obj) struct msm_gem_object *msm_obj = to_msm_bo(obj); if (msm_obj->pages) { - /* For non-cached buffers, ensure the new pages are clean - * because display controller, GPU, etc. are not coherent: - */ - if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) - dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, - msm_obj->sgt->nents, DMA_BIDIRECTIONAL); + if (msm_obj->sgt) { + /* For non-cached buffers, ensure the new + * pages are clean because display controller, + * GPU, etc. are not coherent: + */ + if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) + dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, + msm_obj->sgt->nents, + DMA_BIDIRECTIONAL); - if (msm_obj->sgt) sg_free_table(msm_obj->sgt); - - kfree(msm_obj->sgt); + kfree(msm_obj->sgt); + } if (use_pages(obj)) drm_gem_put_pages(obj, msm_obj->pages, true, false); -- 2.17.1
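
Review bot: In put_pages(), the new `if (msm_obj->sgt)` guard is a plain NULL test, so it only covers the failure case if get_pages() leaves msm_obj->sgt as NULL, not as an ERR_PTR value, when setting up the sg table fails. That assignment is outside this hunk, so for the 4.9 backport please confirm that 62e3a3e342af, named in the Fixes: tag, is present in the target tree in that form. Separately, after `kfree(msm_obj->sgt);` the pointer is left dangling within the visible lines; if nothing below the hunk clears it, adding `msm_obj->sgt = NULL;` right after the kfree() would keep the guard meaningful on a later call.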