Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp1242740lqe; Mon, 8 Apr 2024 03:16:09 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVQEt6y4IptuTk9FbJZ6jrQxeCmyXWxbQK6nG30IiAcuGRck4i52Warjc9Um4x8uC14SZMzSPsD1tZWToe3ZmdE0ts34ZvzPLR2h3eXQA== X-Google-Smtp-Source: AGHT+IGZ1mrkeTJ3i2eIZ632Ag4ivNS9EahBM98938RcHkH1gV6soC3uw8kJiRVANcsNZkCrzDy/ X-Received: by 2002:a05:6870:65a5:b0:22a:a40a:a09f with SMTP id fp37-20020a05687065a500b0022aa40aa09fmr9781247oab.54.1712571369512; Mon, 08 Apr 2024 03:16:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712571369; cv=pass; d=google.com; s=arc-20160816; b=O7rgyoZR5n2J402Io9Mo+uwwqADHf7/R7vVpji4ZUdkGaRqMeJmG2agSGMKStbXDnh m/5FP8fLa5TyRnA2AYuNS2Z4YwTjM9iHz3z6kTNvlkHFaZ1vCvVAs+O7YbDCi/4fbtfN LLCmZHNKyQZu6fqX5mDNDZ+3BOrt/Xl9ld4a2BkRmrsa08NltpeeKV9hrKq75Tv21X5v ZBN8td3pcwUAvAKMTmzxpb08R8TQGVzCDKTIIhBrfKKGn9+ItEz+bNKvl4qtxHALK9fQ q7/ZHJrU6g7kAaFq6D35CJujPlNpynLpinSuFS3ZQUX+4gCQt95jYPiVCIiNhA/oALBY QdCg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date; bh=i7HJz+WJ5cPURV40Wf+Bwzi8HqAEPj5ubCx1bYHiiI4=; fh=6z1tig1znksP2bzOKM78lPuUo/mfh7WzVPV1dvg407Y=; b=zUJfZaONObWRNo2GlHsId+WM/t2FwennX6mlVBAl03BDJ5jrXqMHSvKryx0AOW5CZW hlm7cJAqWkmaFv3NUCjgKwoGrgVO3drizkpOEcUfG45z5hngeJOigm02p1xDbHUn7s+0 vtxUC7mBm1y+wZcJ3oIKOIkINnjypVwq2iXNbd8eBxqxDBtzhLz9fKszo/79UJLzLChp +AcczWLLq2qIfvVay6Agnpkl62ID2IRot8j9jPyNnHWXSFjUslB4eXGKdbXoDxWLjOPu ONG9uUc97NTHvsE/f8N3maqN3f6oHZVIzXqNqUu8QzqoQnmExQP4PJhBSvZUWLH5+rFi hFgw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-135213-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-135213-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id le15-20020a056a004fcf00b006ed2168d42bsi2857467pfb.87.2024.04.08.03.16.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Apr 2024 03:16:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-135213-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-135213-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-135213-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id B04BCB20F0F for ; Mon, 8 Apr 2024 10:15:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6D44E52F86; Mon, 8 Apr 2024 10:15:51 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8FFEA47F4A for ; Mon, 8 Apr 2024 10:15:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712571351; cv=none; b=gHmvMhXO6QP+LTdg/rx6wB64t+7lg9XOWSLm/xsFv3UFmXQGPOEWDmZDIpj3yZtiUFSw6F6eN0Obdn1WlFieQIQC9KIcnHJbeEKIUu8aBedq1UfE9ORGakNgs0G3ZYcLMzPV+98d6mr11Gve1QvFjQL1z5aBFUpxIMPvRWWgez0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712571351; c=relaxed/simple; bh=6656wgXhCIaDQgy7RQtYIBZ1HxG+G84/yZNGuxzwqGI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=nR6fOi6UkV5kSXpNQV3a9EBQIsDSxk/b7FcnETuo9wPTa6+aQuXBs/f1g2kyRNmBmKDIW4+/IByt36ts5WWKXDQwwvB/4UTtso677R1EAbj0AXaRkdMZEdC2VeXpIIpqLhdC635f7fNwReuLLhlMN3Dx0QVC4ZZJ+bYm76Q5Gz8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 902D81007 for ; Mon, 8 Apr 2024 03:16:19 -0700 (PDT) Received: from e110455-lin.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id DF2203F766 for ; Mon, 8 Apr 2024 03:15:48 -0700 (PDT) Date: Mon, 8 Apr 2024 11:15:41 +0100 From: Liviu Dudau To: Huai-Yuan Liu Cc: maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@gmail.com, daniel@ffwll.ch, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, baijiaju1990@outlook.com Subject: Re: [PATCH V2] drm/arm/malidp: fix a possible null pointer dereference Message-ID: References: <20240407063053.5481-1-qq810974084@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20240407063053.5481-1-qq810974084@gmail.com> On Sun, Apr 07, 2024 at 02:30:53PM +0800, Huai-Yuan Liu wrote: > In malidp_mw_connector_reset, new memory is allocated with kzalloc, but > no check is performed. In order to prevent null pointer dereferencing, > ensure that mw_state is checked before calling > __drm_atomic_helper_connector_reset. > > Fixes: 8cbc5caf36ef ("drm: mali-dp: Add writeback connector") > Signed-off-by: Huai-Yuan Liu Reviewed-by: Liviu Dudau Thanks for the patch. I will pull it into drm-misc-fixes before the end of the week. Best regards, Liviu > --- > V2: > * In patch V2, we additionally set connector->state to NULL. In this way > we can ensure that there is no state pointing to freed memory. > Thanks to Liviu Dudau for helpful suggestion. > --- > drivers/gpu/drm/arm/malidp_mw.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/arm/malidp_mw.c b/drivers/gpu/drm/arm/malidp_mw.c > index 626709bec6f5..2577f0cef8fc 100644 > --- a/drivers/gpu/drm/arm/malidp_mw.c > +++ b/drivers/gpu/drm/arm/malidp_mw.c > @@ -72,7 +72,10 @@ static void malidp_mw_connector_reset(struct drm_connector *connector) > __drm_atomic_helper_connector_destroy_state(connector->state); > > kfree(connector->state); > - __drm_atomic_helper_connector_reset(connector, &mw_state->base); > + connector->state = NULL; > + > + if (mw_state) > + __drm_atomic_helper_connector_reset(connector, &mw_state->base); > } > > static enum drm_connector_status > -- > 2.34.1 > -- ==================== | I would like to | | fix the world, | | but they're not | | giving me the | \ source code! / --------------- ¯\_(ツ)_/¯