linux-stable/drivers/gpu/drm/virtio
Liu Zixian c51d00472f drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
[ Upstream commit 194d250cdc ]

drm_cvt_mode may return NULL and we should check it.

This bug was found by syzkaller:

FAULT_INJECTION stacktrace:
[  168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[  168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[  168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[  168.567408] Call trace:
[  168.567414]  dump_backtrace+0x0/0x310
[  168.567418]  show_stack+0x28/0x38
[  168.567423]  dump_stack+0xec/0x15c
[  168.567427]  should_fail+0x3ac/0x3d0
[  168.567437]  __should_failslab+0xb8/0x120
[  168.567441]  should_failslab+0x28/0xc0
[  168.567445]  kmem_cache_alloc_trace+0x50/0x640
[  168.567454]  drm_mode_create+0x40/0x90
[  168.567458]  drm_cvt_mode+0x48/0xc78
[  168.567477]  virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[  168.567485]  drm_helper_probe_single_connector_modes+0x3a4/0xd80
[  168.567492]  drm_mode_getconnector+0x2e0/0xa70
[  168.567496]  drm_ioctl_kernel+0x11c/0x1d8
[  168.567514]  drm_ioctl+0x558/0x6d0
[  168.567522]  do_vfs_ioctl+0x160/0xf30
[  168.567525]  ksys_ioctl+0x98/0xd8
[  168.567530]  __arm64_sys_ioctl+0x50/0xc8
[  168.567536]  el0_svc_common+0xc8/0x320
[  168.567540]  el0_svc_handler+0xf8/0x160
[  168.567544]  el0_svc+0x10/0x218

KASAN stacktrace:
[  168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[  168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[  168.567566]
[  168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[  168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[  168.567575] Call trace:
[  168.567578]  dump_backtrace+0x0/0x310
[  168.567582]  show_stack+0x28/0x38
[  168.567586]  dump_stack+0xec/0x15c
[  168.567591]  kasan_report+0x244/0x2f0
[  168.567594]  __asan_load4+0x58/0xb0
[  168.567607]  virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[  168.567612]  drm_helper_probe_single_connector_modes+0x3a4/0xd80
[  168.567617]  drm_mode_getconnector+0x2e0/0xa70
[  168.567621]  drm_ioctl_kernel+0x11c/0x1d8
[  168.567624]  drm_ioctl+0x558/0x6d0
[  168.567628]  do_vfs_ioctl+0x160/0xf30
[  168.567632]  ksys_ioctl+0x98/0xd8
[  168.567636]  __arm64_sys_ioctl+0x50/0xc8
[  168.567641]  el0_svc_common+0xc8/0x320
[  168.567645]  el0_svc_handler+0xf8/0x160
[  168.567649]  el0_svc+0x10/0x218

Signed-off-by: Liu Zixian <liuzixian4@huawei.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220322091730.1653-1-liuzixian4@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-09 10:25:18 +02:00
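The failure path the commit describes, modelled as an added example (this is not code from the commit or from the virtio_gpu driver): a stand-in allocator that can return NULL the way drm_cvt_mode() does when drm_mode_create()'s slab allocation is failed by failslab, the buggy shape that dereferences the result unconditionally, and the checked shape that returns the modes gathered so far. All identifiers here (display_mode, connector, cvt_mode_alloc, add_default_modes, probe_with_fault, MODE_TYPE_PREFERRED) are assumptions made for the example, not DRM identifiers.

```c
/* Added example, not the commit's or the driver's code. display_mode,
 * connector, cvt_mode_alloc and friends are stand-ins chosen here. */
#include <stdlib.h>

#define MODE_TYPE_PREFERRED 0x8u /* assumption: stand-in for DRM_MODE_TYPE_PREFERRED */

struct display_mode {
	int width, height;
	unsigned int type;
	struct display_mode *next;
};

struct connector {
	struct display_mode *probed;         /* modes reported to userspace */
	int reported_width, reported_height; /* size advertised by the host */
};

/* Fault injection modelled on failslab: the fail_at_call-th allocation
 * returns NULL; -1 disables injection. */
static int alloc_calls, fail_at_call = -1;

static void fault_inject(int nth_call)
{
	alloc_calls = 0;
	fail_at_call = nth_call;
}

/* Stand-in for drm_cvt_mode(): returns NULL when the allocation fails. */
static struct display_mode *cvt_mode_alloc(int width, int height)
{
	struct display_mode *m;
	if (++alloc_calls == fail_at_call)
		return NULL;
	m = calloc(1, sizeof(*m));
	if (m) {
		m->width = width;
		m->height = height;
	}
	return m;
}

static void mode_probed_add(struct connector *c, struct display_mode *m)
{
	m->next = c->probed;
	c->probed = m;
}

/* Stand-in for drm_add_modes_noedid(): adds one default mode. */
static int add_default_modes(struct connector *c)
{
	struct display_mode *m = cvt_mode_alloc(1024, 768);
	if (!m)
		return 0;
	mode_probed_add(c, m);
	return 1;
}

/* Buggy shape: the allocation result is used without a check. */
static int get_modes_unchecked(struct connector *c)
{
	int count = add_default_modes(c);
	struct display_mode *mode =
		cvt_mode_alloc(c->reported_width, c->reported_height);
	mode->type |= MODE_TYPE_PREFERRED; /* NULL dereference if alloc failed */
	mode_probed_add(c, mode);
	return count + 1;
}

/* Fixed shape: on failure, return the modes gathered so far. */
static int get_modes_checked(struct connector *c)
{
	int count = add_default_modes(c);
	struct display_mode *mode =
		cvt_mode_alloc(c->reported_width, c->reported_height);
	if (!mode)
		return count;
	mode->type |= MODE_TYPE_PREFERRED;
	mode_probed_add(c, mode);
	return count + 1;
}

static void connector_free(struct connector *c)
{
	while (c->probed) {
		struct display_mode *next = c->probed->next;
		free(c->probed);
		c->probed = next;
	}
}

/* Probe a connector with the nth allocation forced to fail (-1: none) and
 * return the number of modes reported. Only the checked variant survives
 * an injected failure; the unchecked one is safe to call without injection. */
static int probe_with_fault(int nth_call, int checked)
{
	struct connector c = { .reported_width = 1280, .reported_height = 800 };
	int count;
	fault_inject(nth_call);
	count = checked ? get_modes_checked(&c) : get_modes_unchecked(&c);
	connector_free(&c);
	return count;
}
```

Forcing the second allocation to fail reproduces the trace's situation (the default modes are already in place, then the preferred-mode allocation fails); the checked variant then reports the default mode only instead of touching a NULL pointer.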
Kconfig drivers: gpu: drm: virtio: fix dependency of DRM_VIRTIO_GPU on VIRTIO 2020-12-22 13:43:29 +01:00
Makefile drm/virtio: implement blob resources: implement vram object 2020-09-29 11:23:33 +02:00
virtgpu_debugfs.c drm/virtio: implement context init: probe for feature 2021-09-29 09:22:30 +02:00
virtgpu_display.c drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes 2022-06-09 10:25:18 +02:00
virtgpu_drv.c Linux 5.16-rc5 2021-12-14 10:24:28 +01:00
virtgpu_drv.h drm/virtgpu api: define a dummy fence signaled event 2021-11-29 11:46:32 +01:00
virtgpu_fence.c drm/virtio: implement context init: add virtio_gpu_fence_event 2021-09-29 09:22:31 +02:00
virtgpu_gem.c drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() 2022-03-28 10:03:21 +02:00
virtgpu_ioctl.c Linux 5.16-rc5 2021-12-14 10:24:28 +01:00
virtgpu_kms.c virtio: wrap config->reset calls 2022-01-14 18:50:52 -05:00
virtgpu_object.c drm: Return error codes from struct drm_driver.gem_create_object 2021-12-02 11:12:39 +01:00
virtgpu_plane.c drm/virtio: implement context init: plumb {base_fence_ctx, ring_idx} to virtio_gpu_fence_alloc 2021-09-29 09:22:30 +02:00
virtgpu_prime.c drm/virtio: support mapping exported vram 2021-08-16 14:09:40 +02:00
virtgpu_trace.h
virtgpu_trace_points.c
virtgpu_vq.c drm/virtio: implement context init: stop using drv->context when creating fence 2021-09-29 09:22:31 +02:00
virtgpu_vram.c drm/virtio: support mapping exported vram 2021-08-16 14:09:40 +02:00