Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp191953iob; Mon, 2 May 2022 16:47:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGGWVRCgtKEBFriL0f4gJh71xm4WI+3y/9QtshLQDcL5bYMTQqbJCReE8ROqwcK+OIDKmp X-Received: by 2002:a63:fa41:0:b0:3c2:1941:5894 with SMTP id g1-20020a63fa41000000b003c219415894mr5931682pgk.296.1651535253026; Mon, 02 May 2022 16:47:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651535253; cv=none; d=google.com; s=arc-20160816; b=JmgV6b+0EHw4h5xEmTUQ702M5t99dpfH1d+JLf5421543Pqr+Zf3z1Sr4ZzLf2dUHW zuBa4X/8ANAkP+/ED5iUAeQat3qcry56C0frmpyIRtFLo47toploi5naUWSLvPFcZ490 NVCBjAt2asDMmYK/wUhl0LX+T1KspQ3N+JNxDJcGbXUU2pCMBnQprP5x8wIK/sx4a3nU pNCN9ko8afbSanB1yS57chpaOSF7M1cv5ZyMTWwUFE90AQZeAfb01wUQQVc0GgOExw56 a5Q8TPgIZXZGFPNZqXPKrW8I7Mk6POEVE5nP7tDGgrTLIPgQ1IOnT+GrhBJvDPRSmJjO lzbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=BQpSyCSvSxwXSRLg4x96E4uuSIM8J4F+LPJOv0S8u+E=; b=nDw+kP8JCxEWtCrOIRYm0gHca0jVOvsBrmF7E3Beai2JtGH0/NGNIgQtqE2ZM62gjl B9vaQt2mJBEpatYiZPnqF2dl1G+iKik93pwcPUYCQ2pzmPH2kvZUpt2ywgm44WRqipLw 83/MAt23l8kAEGIaIG9bAoKl29jkiBMrdmM8hsr5+s1tctYfJgVNLJtPf09DnaxCmNfv P8qEhn6gMeGMJPKeBKloMVpqdO/QWJkJNBSsN89fhlSMvvDdU1jZTzNpGESjKlCuUWrZ kaWZq1fmB2j3FEMr4BV0Hf9xDHuSSax1+7v/y4QEcjgzgUO/HBVxH9qt+B+O2NnaCk7K /L6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=B2jeY0OG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id s10-20020a17090a880a00b001caa0b8c6f0si599579pjn.18.2022.05.02.16.47.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 16:47:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=B2jeY0OG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 103CA33A06; Mon, 2 May 2022 16:47:27 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236244AbiEBNzo (ORCPT + 99 others); Mon, 2 May 2022 09:55:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1385456AbiEBNyO (ORCPT ); Mon, 2 May 2022 09:54:14 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B1E4A13D34 for ; Mon, 2 May 2022 06:50:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651499443; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=BQpSyCSvSxwXSRLg4x96E4uuSIM8J4F+LPJOv0S8u+E=; b=B2jeY0OGiOeMFgO8xSDWDD9sJCG5BW9sz6lMsl6l4fPx3Q0RTF9ttsMcAH6VK/fUNwc+NN Qpiynf4owwkQU+eDLnuIYQUi46P+teQp5rBI/BhYnKgTytRKyrwhXfL/5seWhafbYcAEpF IR/fxzpxGhwDHa3eS7cxlq1xxNAbQ40= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-121-oJygabKOOme5umDuqfBGWQ-1; Mon, 02 May 2022 09:50:42 -0400 X-MC-Unique: oJygabKOOme5umDuqfBGWQ-1 Received: by mail-wr1-f69.google.com with SMTP id o13-20020adfa10d000000b0020c6fa5a77cso305361wro.23 for ; Mon, 02 May 2022 06:50:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=BQpSyCSvSxwXSRLg4x96E4uuSIM8J4F+LPJOv0S8u+E=; b=PxB9qMFu0lp0IdkvJYD6jB2dpSZEANGUV4DYnsa3A5JlhqgUpZO2fCvrUU14KZf7wX s7Z0wY+PJmWwt0caRk+BUU1uLYMug8hLgjC8rhBUhvQ46lU73gBrX4+Iu2EiwnbJ+E/T YcwFqUi6kfa6HeHzuBz4Yyx3RC8C3DaFZj7b20tI4bazpJT0IiWuzSVYBzu5Bio0K6Z3 +SvEP/X5zNSipfoHBQmTOA7pmya070vxcmKPBY1eyijqFNeqeDMG3Aav9PHwEYrwyYuG KKBmsGQ5S36GVr+3aXhQcGm7zmgoMkUKAC+oif1qgekw+e+jDshvddUWtpXoQLXKOjcv 8YXw== X-Gm-Message-State: AOAM531vSzTCfTUk7dUSk3OpcwF6uM+8wsoBMtHI4ybA/ccO3fPLgS0h qEzzP96za19o9GLZtA8+uBfoSRwa6hI7gJnBPx3hEvtqXmTvsWSMcZb/jUh8Up004Kbd198v0mP kVm6ONzFxDbPOMt+L3DtHan8GVZ4y/zj9doczDWWKRGprR8Vz8Q93kfbwaSARzx/k+9RF8qsXHd 4= X-Received: by 2002:a1c:f315:0:b0:381:1f6d:6ca6 with SMTP id q21-20020a1cf315000000b003811f6d6ca6mr15371035wmq.25.1651499441067; Mon, 02 May 2022 06:50:41 -0700 (PDT) X-Received: by 2002:a1c:f315:0:b0:381:1f6d:6ca6 with SMTP id q21-20020a1cf315000000b003811f6d6ca6mr15371002wmq.25.1651499440753; Mon, 02 May 2022 06:50:40 -0700 (PDT) Received: from minerva.home ([92.176.231.205]) by smtp.gmail.com with ESMTPSA id w6-20020adf8bc6000000b0020c5253d8bdsm8725957wra.9.2022.05.02.06.50.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 06:50:40 -0700 (PDT) From: Javier Martinez Canillas To: linux-kernel@vger.kernel.org Cc: Maxime Ripard , Thomas Zimmermann , Javier Martinez Canillas , Junxiao Chang , Alex Deucher , Changcheng Deng , Daniel Vetter , Hans de Goede , Helge Deller , Sam Ravnborg , Xiyu Yang , Zack Rusin , Zhen Lei , Zheyu Ma , Zhouyi Zhou , dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org Subject: [PATCH v2] fbdev: Make fb_release() return -ENODEV if fbdev was unregistered Date: Mon, 2 May 2022 15:50:14 +0200 Message-Id: <20220502135014.377945-1-javierm@redhat.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A reference to the framebuffer device struct fb_info is stored in the file private data, but this reference could no longer be valid and must not be accessed directly. Instead, the file_fb_info() accessor function must be used since it does sanity checking to make sure that the fb_info is valid. This can happen for example if the registered framebuffer device is for a driver that just uses a framebuffer provided by the system firmware. In that case, the fbdev core would unregister the framebuffer device when a real video driver is probed and ask to remove conflicting framebuffers. The bug has been present for a long time but commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") unmasked it since the fbdev core started unregistering the framebuffers' devices associated. Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Maxime Ripard Reported-by: Junxiao Chang Signed-off-by: Javier Martinez Canillas Reviewed-by: Thomas Zimmermann --- Changes in v2: - Drop patch 1/2 since patch 2/2 should be enough to fix the issue. - Add missing Fixes and Reported-by tags (Thomas Zimmermann). - Add Thomas Zimmermann's Reviewed-by tag. drivers/video/fbdev/core/fbmem.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 84427470367b..82d4318ba8f7 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1434,7 +1434,10 @@ fb_release(struct inode *inode, struct file *file) __acquires(&info->lock) __releases(&info->lock) { - struct fb_info * const info = file->private_data; + struct fb_info * const info = file_fb_info(file); + + if (!info) + return -ENODEV; lock_fb_info(info); if (info->fbops->fb_release) -- 2.35.1