From: Dave Airlie <airlied@xxxxxxxxxx>

if we don't have a lock, detect it early and avoid oopsing, this should fix some of the NULL pointer derefs under fuzzing.

Reported-by: Tommi Rantala <tt.rantala@xxxxxxxxx>
Signed-off-by: Dave Airlie <airlied@xxxxxxxxxx>
---
 drivers/gpu/drm/drm_context.c | 5 +++++
 drivers/gpu/drm/drm_lock.c | 3 +++
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index a186563..7db0fb0 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -394,6 +394,9 @@ int drm_switchctx(struct drm_device *dev, void *data,
 {
 struct drm_ctx *ctx = data;
+ if (!file_priv->master->lock.hw_lock)
+ return -EINVAL;
+
 DRM_DEBUG("%d\n", ctx->handle);
 return drm_context_switch(dev, dev->last_context, ctx->handle);
 }
@@ -414,6 +417,8 @@ int drm_newctx(struct drm_device *dev, void *data,
 {
 struct drm_ctx *ctx = data;
+ if (!file_priv->master->lock.hw_lock)
+ return -EINVAL;
 DRM_DEBUG("%d\n", ctx->handle);
 drm_context_switch_complete(dev, file_priv, ctx->handle);
diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
index d752c96..e177abe 100644
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
@@ -157,6 +157,9 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
 return -EINVAL;
 }
+ if (!master->lock.hw_lock)
+ return -EINVAL;
+
 atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
 if (drm_lock_free(&master->lock, lock->context)) {
--
1.7.1
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
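Review bot: The new guard in drm_switchctx dereferences `file_priv->master` before testing `hw_lock`, and nothing in the hunk shows that `master` is non-NULL on this ioctl path. If that is not guaranteed by the ioctl's permission flags (not visible here), the check added to stop a NULL dereference can itself oops under the same fuzzing; `if (!file_priv->master || !file_priv->master->lock.hw_lock)` followed by `return -EINVAL;` would close that. The identical guard in the drm_newctx hunk has the same exposure. The function signature begins outside the hunk, so `file_priv` is only known from its use.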
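Review bot: The guard in drm_newctx runs straight into `DRM_DEBUG` with no blank line after `return -EINVAL;`, unlike the same guard in drm_switchctx and drm_unlock, and the test is now open-coded three times. A small static inline helper in a shared DRM header would keep the copies from drifting, and it is the natural place for a one-line comment such as `/* no hw lock area set up: reject legacy context/lock ioctls */`. The commit message says "if we don't have a lock", but the test only shows that the lock area exists, not that the caller holds it, so the comment should state which of the two is meant. The body of drm_newctx continues past the end of the hunk.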
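Review bot: The `master->lock.hw_lock` test in drm_unlock is a single unsynchronised read, and `&master->lock` is handed to `drm_lock_free()` a few lines later with nothing visible in the hunk that keeps the pointer stable in between. If another thread can clear `hw_lock` (for example when the lock area is torn down, which is not shown here), the NULL dereference is narrowed rather than removed. It would help to say in a comment which lock or reference makes the check stable, or to repeat the NULL test inside the callee where the pointer is actually dereferenced. The same applies to the guards in drm_switchctx and drm_newctx. The new early return is also silent, so a `DRM_DEBUG` line would make fuzzer-triggered rejections visible in logs. drm_unlock starts before and continues after this hunk.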