Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp3419603pxb;
        Thu, 10 Feb 2022 22:04:30 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyk/jMBmJFKhppVq4nuF5PUL62rWuzMCLJc3dPbjt+Apa5FX/vCxbVyPag5eTe+qTy4z0ho
X-Received: by 2002:a17:903:4052:: with SMTP id n18mr240642pla.124.1644559470159;
        Thu, 10 Feb 2022 22:04:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644559470; cv=none;
        d=google.com; s=arc-20160816;
        b=lo/e1xz2CbDlS3DrLp6ffTRzM1fmrjZCrCuzHZlHoS26/udbbQbmTMMqyCyX8vRI1z
         /pob2JE8yVoskMkUbZRpDf8KclHspi5EjIR2QvryxMllAtW28BDRuf/Y4Oupncdh3Ot4
         QZwb8rReRaSQ3b/eB7QBz71C7PEG3PjMSvLoang1PLRfLYt+2XlrJF+ZbJ9tQbZG2ajw
         NTja1c7gn2ar3CkpfTj4bCtn39rBodId037EG2CKYGsEHBmhfOLNAW/RKuxhBN4pPjmo
         4wkQc94ocOuNdmtV/PqubdJWctE4w/s9/lwKUPk9gldJoF0dH4P9jArujcdRugkN4c2x
         ajSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:reply-to:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=Lj1eeK7kUfDgss0yrT7ApPgAE+paJuT8krEknACJ5zI=;
        b=e1Abv5v6LU6oIoNCR4fZiTwdCnawehJnRMuZOxE7IipBVphH0cx9OR1Dtp7wTRnqWx
         gEcyaAzCD8a+ol5EMtj0Ghl5gsTMKX6fDKoWmyXqQdXbCv4o456YosbFQrzQk66Hl/iY
         NZVKw4vUEIDWkhjy0DZ/EQ8yV6DaUufZbsecajbnDB45VG5dxnO/ot1/xaqTceK8XlWK
         8sXO5Z1gxjfcNFRwocgM/CzeL8uNlADNJxnohjzXM6UB1qiNWItvv5Z/FhkZ9iYEO59e
         7V6z0YEUyvo/YV3Scyy2GYK4mAwsR4ltVLm1xMOl47bN5dWzCQcQz7cxAjqj+WY8DytV
         dHZg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aB890eTX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i6si2061621plr.396.2022.02.10.22.04.18;
        Thu, 10 Feb 2022 22:04:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aB890eTX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346832AbiBKB0Z (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Thu, 10 Feb 2022 20:26:25 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:40084 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1346084AbiBKB0W (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Feb 2022 20:26:22 -0500
Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 92BED267F;
        Thu, 10 Feb 2022 17:26:22 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by sin.source.kernel.org (Postfix) with ESMTPS id E0095CE25E4;
        Fri, 11 Feb 2022 01:26:20 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 078B3C004E1;
        Fri, 11 Feb 2022 01:26:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1644542779;
        bh=RIkLyIEnDnAtAvgTMBO+mKp45fPhtgteavEWXrg4euw=;
        h=Date:From:To:Cc:Subject:Reply-To:References:In-Reply-To:From;
        b=aB890eTXzZCpBszQDfR46CLeerYfBHc5bLDOkAywlVEA1WljJIWndIonbdQAIba26
         xG113oP2lThwHHoe3M83ctVw/pUHspye+lYttVTGEciEE2qKeAGQt44DX6MWPK76bC
         4bZ8cY/axNQM1EhhtLpK2pntYohJevqYDVeVvtfsH7p2kD769D1r9BY/9qwzgqILWH
         9T7CxFLnujhP2sBHaTeXDX5N9xS8K6GbyialzD4zrGZUz7UbVP8LMbXNoU0eR/VpOi
         gMM1QtiUldaL3aWS5FPDP+KW+DUfS/OGszuunc33ihXBpbbiqy0yewrE2xupzGc9Mi
         W+nVS9hpc6EHA==
Received: by paulmck-ThinkPad-P17-Gen-1.home (Postfix, from userid 1000)
        id A8E2E5C0165; Thu, 10 Feb 2022 17:26:18 -0800 (PST)
Date:   Thu, 10 Feb 2022 17:26:18 -0800
From:   "Paul E. McKenney" <paulmck@kernel.org>
To:     Zhouyi Zhou <zhouzhouyi@gmail.com>
Cc:     daniel@ffwll.ch, deller@gmx.de, sam@ravnborg.org,
        linux@roeck-us.net, willy@infradead.org,
        linux-fbdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
        linux-kernel@vger.kernel.org, rcu@vger.kernel.org,
        pmenzel@molgen.mpg.de
Subject: Re: [PATCH linux-next] video: fbdev: fbmem: fix pointer reference to
 null device field
Message-ID: <20220211012618.GA4285@paulmck-ThinkPad-P17-Gen-1>
Reply-To: paulmck@kernel.org
References: <20220210065824.368355-1-zhouzhouyi@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220210065824.368355-1-zhouzhouyi@gmail.com>
X-Spam-Status: No, score=-7.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 10, 2022 at 02:58:24PM +0800, Zhouyi Zhou wrote:
> In function do_remove_conflicting_framebuffers, if device is NULL, there
> will be null pointer reference. The patch add a check to the if expression.
> 
> Signed-off-by: Zhouyi Zhou <zhouzhouyi@gmail.com>
> ---
> Dear Linux folks
> 
> I discover this bug in the PowerPC VM provided by
> Open source lab of Oregon State University:
> 
> https://lkml.org/lkml/2022/2/8/1145
> 
> I found that the root cause of null device field is in offb_init_fb:
> info = framebuffer_alloc(sizeof(u32) * 16, NULL);
> 
> I have tested the patch in the PowerPC VM. Hope my patch can be correct.

This looks plausible to me, but I am quite unfamiliar with this code.

						Thanx, Paul

> Many Thanks
> Zhouyi
> --
>  drivers/video/fbdev/core/fbmem.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
> index 34d6bb1bf82e..422b1fc01722 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -1579,7 +1579,7 @@ static void do_remove_conflicting_framebuffers(struct apertures_struct *a,
>  			 * If it's not a platform device, at least print a warning. A
>  			 * fix would add code to remove the device from the system.
>  			 */
> -			if (dev_is_platform(device)) {
> +			if (device && dev_is_platform(device)) {
>  				registered_fb[i]->forced_out = true;
>  				platform_device_unregister(to_platform_device(device));
>  			} else {
> -- 
> 2.25.1
>