Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2476386pxj; Mon, 10 May 2021 04:02:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzrl+k17G3t3iYLTZLN79kg0olxll7QT0g2XhVtVncmyU/zHUFqm34uxdykB+CrBLLLrlFM X-Received: by 2002:a05:600c:47d7:: with SMTP id l23mr36340618wmo.95.1620644569979; Mon, 10 May 2021 04:02:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620644569; cv=none; d=google.com; s=arc-20160816; b=h0ndYhBPECV9qMhwBovoMFNZ0my60J7BRdPo1IdnkPOOLSaEiTeZUuU2H5u872cbEM s9yEEuI0kSKJs8bcP58OrZJG5+E3zPwpM7DkL+J7gF7lhdmLqKCFvf2+XKJTDEB+bjA6 kJDP5Z5cPmP6nYBydmwzWMru8B8+Lcd7d1MY3nXRxb1+KkR862ZsGmPWKmz69Fx5UHq2 jccZRi3k5Uaxd/WcHdBCW9t/YUPAjyL9IxNMub3XsI/G3Gmq1B46NlixojBP+ETbq5uM TwcAmZnpPJTvKZZ5YxRQugdbFZ6vWdlGBeKX1szwG/nndtDd6xSxNtSd8DhHZ5P5/nTI dM8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=X5KOwhP96sWU+sxXIeId0/vzsXG4p7fWsWN3KqgZS1U=; b=R6mfnzOoLmX46qi9VqxN+9gkQs0rS9+qiS4oNsVEK6jhoHiF+tAKEmkD0iNmtvGckV IwOaZHC0pR9CgWHbPvvSkmGdD25aZ6k1+LgldKoKs+S3TMRT/E785NBEx6OfwI+hMhkK nYQWJ5vv189/UCCRPV0xku1NY5xCv6jr2NazlPigouspksR1KDWOj0uRxPVYDTrQNDNQ QdeUOX+RmJAXRDAT5m5hIFeqmVvTuirp6WTTWUCpNx7VxZ6wjbpdGT3m3zrzzNKZ8dxt /71sy3G+HuDW3rpFKKPNQc2Cry8Vkbruee888+qIYm4rvgLL12upv9GXuWUMila1J0pD unHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aA1+6K1l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s27si14131756edy.9.2021.05.10.04.02.23; Mon, 10 May 2021 04:02:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aA1+6K1l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235589AbhEJLBi (ORCPT + 99 others); Mon, 10 May 2021 07:01:38 -0400 Received: from mail.kernel.org ([198.145.29.99]:59360 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233297AbhEJKpf (ORCPT ); Mon, 10 May 2021 06:45:35 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E7FC761998; Mon, 10 May 2021 10:35:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620642944; bh=Js9mGIGUIFAU8eXZRYozls/ur99/Bns1dPzL6l4LIvo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aA1+6K1lrL/DpJnQFYPe9D745wEGktNk3zgiCKT7c3e0ktvB+lyD8h85UjSDR5G44 5co+utgXVH8ccso5+4XiZdEqN/W8qQR8rwKQGrlAtYTJtGwKWP90f6AuyKXHebWzh5 c65UmJA8vlBkRKULdYvGk91+dvS/KM5i7gweLWY4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tong Zhang , Gerd Hoffmann , Sasha Levin Subject: [PATCH 5.10 114/299] drm/qxl: do not run release if qxl failed to init Date: Mon, 10 May 2021 12:18:31 +0200 Message-Id: <20210510102008.729649886@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102004.821838356@linuxfoundation.org> References: <20210510102004.821838356@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tong Zhang [ Upstream commit b91907a6241193465ca92e357adf16822242296d ] if qxl_device_init() fail, drm device will not be registered, in this case, do not run qxl_drm_release() [ 5.258534] ================================================================== [ 5.258931] BUG: KASAN: user-memory-access in qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.259388] Write of size 8 at addr 00000000000014dc by task modprobe/95 [ 5.259754] [ 5.259842] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc6-00007-g88bb507a74ea #62 [ 5.260309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda54 [ 5.260917] Call Trace: [ 5.261056] dump_stack+0x7d/0xa3 [ 5.261245] kasan_report.cold+0x10c/0x10e [ 5.261475] ? qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.261789] check_memory_region+0x17c/0x1e0 [ 5.262029] qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.262332] qxl_modeset_fini+0x9/0x20 [qxl] [ 5.262595] qxl_drm_release+0x22/0x30 [qxl] [ 5.262841] drm_dev_release+0x32/0x50 [ 5.263047] release_nodes+0x39e/0x410 [ 5.263253] ? devres_release+0x40/0x40 [ 5.263462] really_probe+0x2ea/0x420 [ 5.263664] driver_probe_device+0x6d/0xd0 [ 5.263888] device_driver_attach+0x82/0x90 [ 5.264116] ? device_driver_attach+0x90/0x90 [ 5.264353] __driver_attach+0x60/0x100 [ 5.264563] ? device_driver_attach+0x90/0x90 [ 5.264801] bus_for_each_dev+0xe1/0x140 [ 5.265014] ? subsys_dev_iter_exit+0x10/0x10 [ 5.265251] ? klist_node_init+0x61/0x80 [ 5.265464] bus_add_driver+0x254/0x2a0 [ 5.265673] driver_register+0xd3/0x150 [ 5.265882] ? 0xffffffffc0048000 [ 5.266064] do_one_initcall+0x84/0x250 [ 5.266274] ? trace_event_raw_event_initcall_finish+0x150/0x150 [ 5.266596] ? unpoison_range+0xf/0x30 [ 5.266801] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 5.267082] ? unpoison_range+0xf/0x30 [ 5.267287] ? unpoison_range+0xf/0x30 [ 5.267491] do_init_module+0xf8/0x350 [ 5.267697] load_module+0x3fe6/0x4340 [ 5.267902] ? vm_unmap_ram+0x1d0/0x1d0 [ 5.268115] ? module_frob_arch_sections+0x20/0x20 [ 5.268375] ? __do_sys_finit_module+0x108/0x170 [ 5.268624] __do_sys_finit_module+0x108/0x170 [ 5.268865] ? __ia32_sys_init_module+0x40/0x40 [ 5.269111] ? file_open_root+0x200/0x200 [ 5.269330] ? do_sys_open+0x85/0xe0 [ 5.269527] ? filp_open+0x50/0x50 [ 5.269714] ? exit_to_user_mode_prepare+0xfc/0x130 [ 5.269978] do_syscall_64+0x33/0x40 [ 5.270176] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 5.270450] RIP: 0033:0x7fa3f685bcf7 [ 5.270646] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d1 [ 5.271634] RSP: 002b:00007ffca83048d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 5.272037] RAX: ffffffffffffffda RBX: 0000000001e94a70 RCX: 00007fa3f685bcf7 [ 5.272416] RDX: 0000000000000000 RSI: 0000000001e939e0 RDI: 0000000000000003 [ 5.272794] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 [ 5.273171] R10: 00007fa3f68bf300 R11: 0000000000000246 R12: 0000000001e939e0 [ 5.273550] R13: 0000000000000000 R14: 0000000001e93bd0 R15: 0000000000000001 [ 5.273928] ================================================================== Signed-off-by: Tong Zhang Link: http://patchwork.freedesktop.org/patch/msgid/20210203040727.868921-1-ztong0001@gmail.com Signed-off-by: Gerd Hoffmann Signed-off-by: Sasha Levin --- drivers/gpu/drm/qxl/qxl_drv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c index 6e7f16f4cec7..41cdf9d1e59d 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -144,6 +144,8 @@ static void qxl_drm_release(struct drm_device *dev) * reodering qxl_modeset_fini() + qxl_device_fini() calls is * non-trivial though. */ + if (!dev->registered) + return; qxl_modeset_fini(qdev); qxl_device_fini(qdev); } -- 2.30.2