Karol Herbst
2021-Nov-13 20:21 UTC
[Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
something seems to have messed with the patch so it doesn't apply correctly. On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003 at ucr.edu> wrote:> > In function nvkm_ioctl_map(), the variable "type" could be > uninitialized if "nvkm_object_map()" returns error code, > however, it does not check the return value and directly > use the "type" in the if statement, which is potentially > unsafe. > > Signed-off-by: Yizhuo <yzhai003 at ucr.edu> > --- > drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > index d777df5a64e6..7f2e8482f167 100644 > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client, > ret = nvkm_object_map(object, data, size, &type, > &args->v0.handle, > &args->v0.length); > + if (ret) > + return ret; > if (type == NVKM_OBJECT_MAP_IO) > args->v0.type = NVIF_IOCTL_MAP_V0_IO; > else > -- > 2.17.1 >
Yizhuo Zhai
2021-Nov-16 05:58 UTC
[Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
Hi Karol: Thanks for the feedback, the patch might be too old to apply to the latest code tree. Let me check and get back to you soon. On Sat, Nov 13, 2021 at 12:22 PM Karol Herbst <kherbst at redhat.com> wrote:> > something seems to have messed with the patch so it doesn't apply correctly. > > On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003 at ucr.edu> wrote: > > > > In function nvkm_ioctl_map(), the variable "type" could be > > uninitialized if "nvkm_object_map()" returns error code, > > however, it does not check the return value and directly > > use the "type" in the if statement, which is potentially > > unsafe. > > > > Signed-off-by: Yizhuo <yzhai003 at ucr.edu> > > --- > > drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > index d777df5a64e6..7f2e8482f167 100644 > > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client, > > ret = nvkm_object_map(object, data, size, &type, > > &args->v0.handle, > > &args->v0.length); > > + if (ret) > > + return ret; > > if (type == NVKM_OBJECT_MAP_IO) > > args->v0.type = NVIF_IOCTL_MAP_V0_IO; > > else > > -- > > 2.17.1 > > >-- Kind Regards, Yizhuo Zhai Computer Science, Graduate Student University of California, Riverside
Karol Herbst
2021-Nov-16 11:09 UTC
[Nouveau] [PATCH] drm/nouveau/core: fix the uninitialized use in nvkm_ioctl_map()
On Tue, Nov 16, 2021 at 6:58 AM Yizhuo Zhai <yzhai003 at ucr.edu> wrote:> > Hi Karol: > Thanks for the feedback, the patch might be too old to apply to the > latest code tree. Let me check and get back to you soon. >sorry, that's not what I meant. It used whitespaces instead of tabs and the headers were also a bit broken. I just suspect that when sending it something went wrong or so.> On Sat, Nov 13, 2021 at 12:22 PM Karol Herbst <kherbst at redhat.com> wrote: > > > > something seems to have messed with the patch so it doesn't apply correctly. > > > > On Thu, Jun 17, 2021 at 9:39 AM Yizhuo Zhai <yzhai003 at ucr.edu> wrote: > > > > > > In function nvkm_ioctl_map(), the variable "type" could be > > > uninitialized if "nvkm_object_map()" returns error code, > > > however, it does not check the return value and directly > > > use the "type" in the if statement, which is potentially > > > unsafe. > > > > > > Signed-off-by: Yizhuo <yzhai003 at ucr.edu> > > > --- > > > drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > > b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > > index d777df5a64e6..7f2e8482f167 100644 > > > --- a/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > > +++ b/drivers/gpu/drm/nouveau/nvkm/core/ioctl.c > > > @@ -266,6 +266,8 @@ nvkm_ioctl_map(struct nvkm_client *client, > > > ret = nvkm_object_map(object, data, size, &type, > > > &args->v0.handle, > > > &args->v0.length); > > > + if (ret) > > > + return ret; > > > if (type == NVKM_OBJECT_MAP_IO) > > > args->v0.type = NVIF_IOCTL_MAP_V0_IO; > > > else > > > -- > > > 2.17.1 > > > > > > > > -- > Kind Regards, > > Yizhuo Zhai > > Computer Science, Graduate Student > University of California, Riverside >