Date: Sun, 14 Jan 2024 22:24:49 -0500
From: Sasha Levin
To: Jani Nikula
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, tzimmermann@suse.de, Ziqi Zhao, Maxime Ripard, dri-devel@lists.freedesktop.org, Harshit Mogalapalli, syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
Subject: Re: [PATCH AUTOSEL 4.14 3/6] drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
In-Reply-To: <87bkamvay5.fsf@intel.com>

On Tue, Dec 19, 2023 at 10:44:02AM +0200, Jani Nikula wrote:
>On Mon, 18 Dec 2023, Sasha Levin wrote:
>> From: Ziqi Zhao
>>
>> [ Upstream commit 3823119b9c2b5f9e9b760336f75bc989b805cde6 ]
>>
>> The connector_set contains uninitialized values when allocated with
>> kmalloc_array. However, in the "out" branch, the logic assumes that any
>> element in connector_set would be equal to NULL if failed to
>> initialize, which causes the bug reported by Syzbot. The fix is to use
>> an extra variable to keep track of how many connectors are initialized
>> indeed, and use that variable to decrease any refcounts in the "out"
>> branch.
>>
>> Reported-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
>> Signed-off-by: Ziqi Zhao
>> Reported-and-tested-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
>> Tested-by: Harshit Mogalapalli
>> Link: https://lore.kernel.org/r/20230721161446.8602-1-astrajoan@yahoo.com
>> Signed-off-by: Maxime Ripard
>> Signed-off-by: Sasha Levin
>
>This commit fixes an uninitialized value, but introduces a new
>one. Please backport 6e455f5dcdd1 ("drm/crtc: fix uninitialized variable
>use") from v6.7-rc6 to go with it.

I'll take 6e455f5dcdd1 too, thanks!

-- 
Thanks,
Sasha
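
The cleanup pattern described in the quoted commit message, as an added userspace example that is not part of this thread or of the kernel source: an array from a non-zeroing allocator is released by a count of acquired entries instead of by scanning for NULL. The names struct conn, conn_get, conn_put, set_config and total_refs are hypothetical stand-ins, and malloc stands in for kmalloc_array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct conn { int refcount; };          /* hypothetical refcounted object */

static struct conn *conn_get(struct conn *table, size_t n, size_t id)
{
    if (id >= n)
        return NULL;                    /* lookup failure: unknown id */
    table[id].refcount++;
    return &table[id];
}

static void conn_put(struct conn *c) { c->refcount--; }

/* Sum of outstanding references; zero means nothing leaked or over-released. */
int total_refs(const struct conn *table, size_t n)
{
    int sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += table[i].refcount;
    return sum;
}

/* Returns 0 on success, -1 on failure. Every reference taken is dropped. */
int set_config(struct conn *table, size_t n, const size_t *ids, size_t count)
{
    struct conn **set = NULL;
    size_t num_acquired = 0;   /* set before any jump to out, so early exits release nothing */
    int ret = 0;

    if (count == 0)
        goto out;
    if (count > SIZE_MAX / sizeof(*set)) { ret = -1; goto out; }
    set = malloc(count * sizeof(*set)); /* contents indeterminate, not NULL */
    if (!set) { ret = -1; goto out; }

    for (size_t i = 0; i < count; i++) {
        set[i] = conn_get(table, n, ids[i]);
        if (!set[i]) { ret = -1; goto out; }
        num_acquired++;
    }
    /* ... work that uses set[0..count) would go here ... */
out:
    /* Only set[0..num_acquired) was written with valid pointers. Walking up
     * to count and testing for NULL would read the unwritten tail. */
    for (size_t i = 0; i < num_acquired; i++)
        conn_put(set[i]);
    free(set);
    return ret;
}
```

Because the counter is also read on the cleanup path, it has to hold a defined value before the first jump to that label.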