On Fri, Jul 29, 2022 at 12:06:43PM +0300, Alisa Khabibrakhmanova wrote:
> Pointer dev_priv->mmio, which was checked for NULL at via_do_init_map(),
> is passed to via_do_cleanup_map() and is dereferenced there without check.
>
> The patch adds the condition in via_dma_cleanup() which prevents potential NULL
> pointer dereference.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 22f579c621e2 ("drm: Add via unichrome support")
> Signed-off-by: Alisa Khabibrakhmanova <khabibrakhmanova@xxxxxxxxx>
This seems to have fallen through cracks, I applied it to drm-misc-next
now.
Thanks for your patch.
-Daniel
> ---
> drivers/gpu/drm/via/via_dri1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/via/via_dri1.c b/drivers/gpu/drm/via/via_dri1.c
> index d695d9291ece..691e3ceb0062 100644
> --- a/drivers/gpu/drm/via/via_dri1.c
> +++ b/drivers/gpu/drm/via/via_dri1.c
> @@ -2961,7 +2961,7 @@ int via_dma_cleanup(struct drm_device *dev)
> drm_via_private_t *dev_priv =
> (drm_via_private_t *) dev->dev_private;
>
> - if (dev_priv->ring.virtual_start) {
> + if (dev_priv->ring.virtual_start && dev_priv->mmio) {
> via_cmdbuf_reset(dev_priv);
>
> drm_legacy_ioremapfree(&dev_priv->ring.map, dev);
> --
> 2.34.1
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
