Date: Wed, 3 Apr 2024 13:13:11 +0100
From: Liviu Dudau
To: Huai-Yuan Liu
Cc: maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@gmail.com, daniel@ffwll.ch, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, baijiaju1990@outlook.com
Subject: Re: [PATCH] drm/arm/malidp: fix a possible null pointer dereference

Hi,

On Wed, Apr 03, 2024 at 09:43:01AM +0800, Huai-Yuan Liu wrote:
>
> In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
> no check is performed. In order to prevent null pointer dereferencing,
> ensure that mw_state is checked before calling
> __drm_atomic_helper_connector_reset.

Thanks for the patch, it does look like an oversight. Can I suggest you respin
your patch and add a

	connector->state = NULL;

right after kfree(connector->state) ?

That way we can be sure we're not leaving state pointing to freed memory.

Best regards,
Liviu

>
> Fixes: 8cbc5caf36ef ("drm: mali-dp: Add writeback connector")
> Signed-off-by: Huai-Yuan Liu
> --- > drivers/gpu/drm/arm/malidp_mw.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/arm/malidp_mw.c b/drivers/gpu/drm/arm/malidp_mw.c > index 626709bec6f5..25623ef9be80 100644 > --- a/drivers/gpu/drm/arm/malidp_mw.c > +++ b/drivers/gpu/drm/arm/malidp_mw.c
> @@ -72,7 +72,9 @@ static void malidp_mw_connector_reset(struct drm_connector *connector) > __drm_atomic_helper_connector_destroy_state(connector->state); > > kfree(connector->state); > - __drm_atomic_helper_connector_reset(connector, &mw_state->base); > + > + if (mw_state) > + __drm_atomic_helper_connector_reset(connector, &mw_state->base); > } > > static enum drm_connector_status > -- > 2.34.1 > -- ==================== | I would like to | | fix the world, | | but they're not | | giving me the | \ source code! / --------------- ¯\_(ツ)_/¯
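
Review bot: the new `if (mw_state)` guard sits after `kfree(connector->state);`, so when the allocation fails the function returns with `connector->state` still holding the pointer that was just freed. The NULL dereference is avoided, but a dangling pointer is left behind for any later reader of `connector->state`. Add `connector->state = NULL;` directly after the `kfree()` so the failure path leaves the connector with no state rather than stale state. The success path does not change, since `__drm_atomic_helper_connector_reset(connector, &mw_state->base)` still installs the new state. A short comment on the guard saying that reset cannot report allocation failure to its caller would also help the next reader.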