1. Patchew
  2. linux
  3. View series

[PATCH] drm/vmwgfx: Handle surface check failure correctly

Nikolay Kuratov posted 1 patch 1 year, 4 months ago 
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] drm/vmwgfx: Handle surface check failure correctly
Posted by Nikolay Kuratov 1 year, 4 months ago 
Currently if condition (!bo and !vmw_kms_srf_ok()) was met
we go to err_out with ret == 0.
err_out dereferences vfb if ret == 0, but in our case vfb is still NULL.

Fix this by assigning sensible error to ret.

Found by Linux Verification Center (linuxtesting.org) with SVACE

Signed-off-by: Nikolay Kuratov <kniv@yandex-team.ru>
Cc: stable@vger.kernel.org
Fixes: 810b3e1683d0 ("drm/vmwgfx: Support topology greater than texture size")
---
 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 288ed0bb75cb..752510a11e1b 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -1539,6 +1539,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev,
 		DRM_ERROR("Surface size cannot exceed %dx%d\n",
 			dev_priv->texture_max_width,
 			dev_priv->texture_max_height);
+		ret = -EINVAL;
 		goto err_out;
 	}
 
-- 
2.34.1
Re: [PATCH] drm/vmwgfx: Handle surface check failure correctly
Posted by Zack Rusin 1 year, 4 months ago 
On Wed, Oct 2, 2024 at 8:26 AM Nikolay Kuratov <kniv@yandex-team.ru> wrote:
>
> Currently if condition (!bo and !vmw_kms_srf_ok()) was met
> we go to err_out with ret == 0.
> err_out dereferences vfb if ret == 0, but in our case vfb is still NULL.
>
> Fix this by assigning sensible error to ret.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE
>
> Signed-off-by: Nikolay Kuratov <kniv@yandex-team.ru>
> Cc: stable@vger.kernel.org
> Fixes: 810b3e1683d0 ("drm/vmwgfx: Support topology greater than texture size")
> ---
>  drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index 288ed0bb75cb..752510a11e1b 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -1539,6 +1539,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev,
>                 DRM_ERROR("Surface size cannot exceed %dx%d\n",
>                         dev_priv->texture_max_width,
>                         dev_priv->texture_max_height);
> +               ret = -EINVAL;
>                 goto err_out;
>         }
>
> --
> 2.34.1
>

Thank you. I pushed it to drm-misc-fixes.

z

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.