Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp37261imu; Thu, 8 Nov 2018 14:19:35 -0800 (PST) X-Google-Smtp-Source: AJdET5eyfRlkqMNinIhJvW6dQt6Ni9RnjFjR1HJCZL9eUiMKJey6ExmXb33yoovvF+1xa+g5sBuW X-Received: by 2002:a62:2e04:: with SMTP id u4-v6mr6486179pfu.229.1541715575115; Thu, 08 Nov 2018 14:19:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541715575; cv=none; d=google.com; s=arc-20160816; b=il51XQ1FbC5aHZCHoHbYUfdr7NOON8aLpblUwWexzC01gbuJKtSo12BJ7gqcaqwBB+ C0M7zkG6PGoF0ts6a4zEtz9V7CbqgcmBsayw1kjL4gXZk7M4yp0vJMmewzo+TelenVW4 BONJeihnFlZ75omEu4pa+SXz8SMWkI1GdiCx9rpQR8DEOYpPLru6jw7TVCpj9qlvpOYu oT47HlOrJTzfX/T5xnACWRJGC22tUP4A5/oDdV1Bcb2BWsbAKz6UEVQWRlqfDK9u8Spf fa4G97dk5zuUsDqTIKSpk2jMRWBCfVo73VpyDYDwPEAZhfB5RQkSkN2ICnNZEK20NB42 N/AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=5w6tCvu4UozEsA+/zuRsTGKXcpFCyHXHug6Pfp+6s1w=; b=cshLmcD5H3TyYoETu5B0WvNXV0FkJa6w2Qt54ojZ++4CbWjL780cyvuXKPOGwai498 q63G4NKtcwOAA8UtIARevOxX4w0OBv+8a+ZN5RRLYAZhFyIaQmLRfANLa4pSpYUAIPeO jiRiqck9TUtkjPJ56M26gRkMhVQEMd4ckWLOvpQbCggJDQ6J3NyeXxrBqLb6BSsbaDTU PugCU+8XrKhoNJicDxbexSTFM0w5Zpett06E6Xc1d2C+pzyidr2/FFJ5BlNfcB2QMK5r Bqd+vNdVZDdw0+kYvuCzdBbot+5DuNzdsuRp8Om8UGWhMx6UofjaUu007ZbkE8LRPqnv ds/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gVJlsU2P; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j3-v6si5320774plk.23.2018.11.08.14.19.20; Thu, 08 Nov 2018 14:19:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gVJlsU2P; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732011AbeKIHoI (ORCPT + 99 others); Fri, 9 Nov 2018 02:44:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:36848 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730393AbeKIHoH (ORCPT ); Fri, 9 Nov 2018 02:44:07 -0500 Received: from localhost (unknown [208.72.13.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EDC2920892; Thu, 8 Nov 2018 22:06:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541714796; bh=8Pc36kETOyESt388nlIfWSxxlhJZ+1Q4vx8l3GJ4suo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gVJlsU2P3RdaSJyLm83y4hnvI1p4J9KJ7f7Xah/uHcs+SRaAFHp1Putryshb5miLg QqOHpo4lNrQl+E1bljTQ6cCeey4k+TmltYJ2fba0z3xmphK3AjG3dxbNYGB5/0irwg mUSlPQ58Ch/owPnXsDCMRrvQgHnW5pGeAGYa0Fm4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ben Hutchings , Jordan Crouse , Rob Clark , Sasha Levin Subject: [PATCH 4.9 104/171] drm/msm: Fix possible null dereference on failure of get_pages() Date: Thu, 8 Nov 2018 13:51:14 -0800 Message-Id: <20181108215134.936530591@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181108215127.257643509@linuxfoundation.org> References: <20181108215127.257643509@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 3976626ea3d2011f8fd3f3a47070a8b792018253 ] Commit 62e3a3e342af changed get_pages() to initialise msm_gem_object::pages before trying to initialise msm_gem_object::sgt, so that put_pages() would properly clean up pages in the failure case. However, this means that put_pages() now needs to check that msm_gem_object::sgt is not null before trying to clean it up, and this check was only applied to part of the cleanup code. Move it all into the conditional block. (Strictly speaking we don't need to make the kfree() conditional, but since we can't avoid checking for null ourselves we may as well do so.) Fixes: 62e3a3e342af ("drm/msm: fix leak in failed get_pages") Signed-off-by: Ben Hutchings Reviewed-by: Jordan Crouse Signed-off-by: Rob Clark Signed-off-by: Sasha Levin --- drivers/gpu/drm/msm/msm_gem.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 7145127513c4..795660e29b2c 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -118,17 +118,19 @@ static void put_pages(struct drm_gem_object *obj) struct msm_gem_object *msm_obj = to_msm_bo(obj); if (msm_obj->pages) { - /* For non-cached buffers, ensure the new pages are clean - * because display controller, GPU, etc. are not coherent: - */ - if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) - dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, - msm_obj->sgt->nents, DMA_BIDIRECTIONAL); + if (msm_obj->sgt) { + /* For non-cached buffers, ensure the new + * pages are clean because display controller, + * GPU, etc. are not coherent: + */ + if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) + dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, + msm_obj->sgt->nents, + DMA_BIDIRECTIONAL); - if (msm_obj->sgt) sg_free_table(msm_obj->sgt); - - kfree(msm_obj->sgt); + kfree(msm_obj->sgt); + } if (use_pages(obj)) drm_gem_put_pages(obj, msm_obj->pages, true, false); -- 2.17.1