This is a note to let you know that I've just added the patch titled
dma-buf: fix an error pointer vs NULL bug
to the 6.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
dma-buf-fix-an-error-pointer-vs-null-bug.patch
and it can be found in the queue-6.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 00ae1491f970acc454be0df63f50942d94825860 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Thu, 6 Jul 2023 15:37:51 +0300
Subject: dma-buf: fix an error pointer vs NULL bug
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
commit 00ae1491f970acc454be0df63f50942d94825860 upstream.
Smatch detected potential error pointer dereference.
drivers/gpu/drm/drm_syncobj.c:888 drm_syncobj_transfer_to_timeline()
error: 'fence' dereferencing possible ERR_PTR()
The error pointer comes from dma_fence_allocate_private_stub(). One
caller expected error pointers and one expected NULL pointers. Change
it to return NULL and update the caller which expected error pointers,
drm_syncobj_assign_null_handle(), to check for NULL instead.
Fixes: f781f661e8c9 ("dma-buf: keep the signaling time of merged fences v3")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Reviewed-by: Christian König <christian.koenig@xxxxxxx>
Reviewed-by: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Signed-off-by: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/b09f1996-3838-4fa2-9193-832b68262e43@moroto.mountain
Cc: Jindong Yue <jindong.yue@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/dma-buf/dma-fence.c | 2 +-
drivers/gpu/drm/drm_syncobj.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/dma-buf/dma-fence.c
+++ b/drivers/dma-buf/dma-fence.c
@@ -160,7 +160,7 @@ struct dma_fence *dma_fence_allocate_pri
fence = kzalloc(sizeof(*fence), GFP_KERNEL);
if (fence == NULL)
- return ERR_PTR(-ENOMEM);
+ return NULL;
dma_fence_init(fence,
&dma_fence_stub_ops,
--- a/drivers/gpu/drm/drm_syncobj.c
+++ b/drivers/gpu/drm/drm_syncobj.c
@@ -355,8 +355,8 @@ static int drm_syncobj_assign_null_handl
{
struct dma_fence *fence = dma_fence_allocate_private_stub(ktime_get());
- if (IS_ERR(fence))
- return PTR_ERR(fence);
+ if (!fence)
+ return -ENOMEM;
drm_syncobj_replace_fence(syncobj, fence);
dma_fence_put(fence);
Patches currently in stable-queue which might be from dan.carpenter@xxxxxxxxxx are
queue-6.4/soundwire-amd-fix-a-check-for-errors-in-probe.patch
queue-6.4/drm-amd-display-unlock-on-error-path-in-dm_handle_ms.patch
queue-6.4/phy-phy-mtk-dp-fix-an-error-code-in-probe.patch
queue-6.4/dma-buf-fix-an-error-pointer-vs-null-bug.patch
queue-6.4/staging-ks7010-potential-buffer-overflow-in-ks_wlan_set_encode_ext.patch
queue-6.4/rdma-mlx4-make-check-for-invalid-flags-stricter.patch
queue-6.4/revert-usb-xhci-tegra-fix-error-check.patch
queue-6.4/tty-serial-sh-sci-fix-sleeping-in-atomic-context.patch
queue-6.4/proc-vmcore-fix-signedness-bug-in-read_from_oldmem.patch
queue-6.4/revert-usb-gadget-tegra-xudc-fix-error-check-in-tegra_xudc_powerdomain_init.patch
queue-6.4/phy-hisilicon-fix-an-out-of-bounds-check-in-hisi_inn.patch
