This is a note to let you know that I've just added the patch titled
drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
to the 6.11-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-vmwgfx-avoid-null_ptr_deref-in-vmw_framebuffer_s.patch
and it can be found in the queue-6.11 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 432eb812ea621b9c4f0b2f8d57936dfc1cabc02d
Author: Chen Ridong <chenridong@xxxxxxxxxx>
Date: Tue Oct 29 08:34:29 2024 +0000
drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
[ Upstream commit 93d1f41a82de382845af460bf03bcb17dcbf08c5 ]
The 'vmw_user_object_buffer' function may return NULL with incorrect
inputs. To avoid possible null pointer dereference, add a check whether
the 'bo' is NULL in the vmw_framebuffer_surface_create_handle.
Fixes: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers")
Signed-off-by: Chen Ridong <chenridong@xxxxxxxxxx>
Signed-off-by: Zack Rusin <zack.rusin@xxxxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20241029083429.1185479-1-chenridong@xxxxxxxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 63b8d7591253c..10d596cb4b402 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -1265,6 +1265,8 @@ static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb,
struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb);
struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo);
+ if (WARN_ON(!bo))
+ return -EINVAL;
return drm_gem_handle_create(file_priv, &bo->tbo.base, handle);
}
