From patchwork Wed Jun 7 13:24:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Hellstrom X-Patchwork-Id: 9771527 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1C4C460350 for ; Wed, 7 Jun 2017 13:40:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F60A283BE for ; Wed, 7 Jun 2017 13:40:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0453D28472; Wed, 7 Jun 2017 13:40:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 76F26283BE for ; Wed, 7 Jun 2017 13:40:21 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id F054B6E24A; Wed, 7 Jun 2017 13:40:20 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0084.outbound.protection.outlook.com [104.47.34.84]) by gabe.freedesktop.org (Postfix) with ESMTPS id 7F59A6E249 for ; Wed, 7 Jun 2017 13:40:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onevmw.onmicrosoft.com; s=selector1-vmware-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ZR2S2gMwChFvVyZi4q47E1Gp0GFz73NeLLsujCllzP8=; b=oOo/LyCl6A0ltzFixwxbc0Sx3JBvDtNzaDN2UPnUqEO+PPYhdunhKdC/3MGvRiELoQUsAYllGg/cL9DbTNsRRR0M7CQK8q8GkKaORmANA3XKhGo3BQytWJ1ntczqgVltGn0kRKnSTiVac6uJRedbx2N2j5yjJMNja3h1aZ3lTVE= Authentication-Results: lists.freedesktop.org; dkim=none (message not signed) header.d=none; lists.freedesktop.org; dmarc=none action=none header.from=vmware.com; Received: from ubuntu.localdomain (155.4.205.56) by BLUPR05MB753.namprd05.prod.outlook.com (10.141.208.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1157.3; Wed, 7 Jun 2017 13:24:59 +0000 From: Thomas Hellstrom To: dri-devel@lists.freedesktop.org Subject: [PATCH -fixes 4/9] drm/vmwgfx: Make sure backup_handle is always valid Date: Wed, 7 Jun 2017 15:24:20 +0200 Message-Id: <1496841865-2349-4-git-send-email-thellstrom@vmware.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1496841865-2349-1-git-send-email-thellstrom@vmware.com> References: <1496841865-2349-1-git-send-email-thellstrom@vmware.com> MIME-Version: 1.0 X-Originating-IP: [155.4.205.56] X-ClientProxiedBy: BN6PR16CA0019.namprd16.prod.outlook.com (10.172.212.157) To BLUPR05MB753.namprd05.prod.outlook.com (10.141.208.140) X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BLUPR05MB753: X-MS-Office365-Filtering-Correlation-Id: 19a91aef-39e9-45da-a05e-08d4ada898e7 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201703131423075)(201703031133081); SRVR:BLUPR05MB753; X-Microsoft-Exchange-Diagnostics: 1; BLUPR05MB753; 3:3SjidqzrlhwzFW1yIILkIsxUSzPaHigdntqupS+yRw+M3jFt24o9AgRym7nfEHZ8azuQhcIG58xmabR2m/+2XfH9jS6PHSVMhaZeaAqrXUPtr0+5iUzFj/Yj4qdyye3KVceAoLQtFEVxRyXkWus7U87ySG+bpvdusgLFo1AyDacymCp3XLSEBfiOdrOJ2K2qvuUJdxdJMbpgpPIalt9TDdaWg6zOaBJvK0GDDkExEMsp+bJSC9XhyAw/y6ujHawwYEYqI/KATiRdgz49trAaubqw2nMS4023IIbV6+Ct8HxAm7Vn9cPAecjQt6WsWbUiX3RMNLCuYCW2qh2SWHzcCQ==; 25:NM68ZYEe6GQR/xBPgYXQSIiNAF/9Zn/904osONalwk9oRoBLFz4AS/99kGdOwDHVsRjyLeV+IsjZvm/Ez3ixEi85WJ1hkXGxZPmLDVh3BiSBYyIyZxljVgO4jMAd8EmbbGzIM4p4FFQRLO5duavQ1D5dypLIbGMmXNRDqdBbC+xiX8o+EMGQK4T6/Ls4lfP2nBYMxsLjpMjt1eSxqwCQqWHZL3DClowadT0hyjeyEBJAnXxhlXiRxrUE1vAcXG6b+riDAh/V9xldmpwDB4p2AHaIylPrmXAn3ZvnjuQtVkqGa5MjzMPWcqjYZx+Vz0k59Lc8iPlIqQWijNb+UuakB+LBAS4xqc2clTAjc7Tbk66NmUITSP+bEIZk0r+NDf6Ye5invH/NijApHgphny2XrSqlw5eQ8bwSpQFggVXjHUJrqB8t+x73JIFEMpQG02zNTK72x9ns6iZx8O12pmdJgBIOmkSLqgSS/20aNHiifNo= X-Microsoft-Exchange-Diagnostics: 1; BLUPR05MB753; 31:Z/VdeDLZr1hADKxaFbXWakfb7kGjGrglFeApEEDvrD3eKNreKFo5tHCnWmC2tC6OId+D1jN/HOGTaI8XoegfsQogWUDGkEzKzifV5qk4raCvkCkbNgu9OWqidpbBV30za62qPDQCkSebHv3moBq+MzGebyhyLCwcoTP4SqD190CIRNsPEVha5ulx2EPLsYk+VhYQQihyb4fISVB7E00JM98xX9KF34VMTmoPwXkZFJ0=; 20:l1FD9RQJaSWQz+i/2XGOR/DiZ21q9GjWiM6+Gq2WazBndSNuO5YOcZuJBzPyiMjkIXSMrjSi4+JzH5iRBeGdxyJmH+p+WN3Mnx3LOXqzX4C1Cll8lsaRMYdBF5zkFeufVC09WnERTUMhwCbjJ28ICjTsDnddfcbBMmNQELm2FpJOH/vC1Bv9QmS+Ahnn/JEnjevzblXvcg5oje7hGXUv8bTUqlpnN7py42g1g9PmdXvRJ1Sys5BweDNSSQ/+Q84lruc0jJl084BxQUBqJVxT0sUCj1kEirSANutEpDxLW4MdYSN8Ze2XvVyrt60gkG4YMK4G404wTBL4YooJ+l2yZRa4xNahAoPfs5yiSw0vJqYuzXoM/tWdcbFTTNccGG05sMoIYpLvIsSm0tEx8sTt/xD5Yx0GuSAIF0u0mlWDOBd/gR0QzzKwuBRIq7pfew0p6QSHzHgWKnn9qO7axN+7JQXg1qjCDBIbGvkBYSpG/BYiTUmgk2G2eesGYX7tyEjM X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(61668805478150)(9452136761055); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6041248)(20161123558100)(20161123562025)(20161123564025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BLUPR05MB753; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BLUPR05MB753; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BLUPR05MB753; 4:T3/8J8ztURg8cHVbGoVBArE7BSZGztdXZqOWhFNg4Jp?= =?us-ascii?Q?fMIbLGgOaIHFJlaraEpCUnx7UTHs0DOq5YQow0oGJo2j1kdbaRxT3azn2M0v?= =?us-ascii?Q?tunIhOsEp+zbSgwuw/r3lXdrV9bzF4A3OAKrF66b25Ei/W2Q6Gzx2DWNgmPk?= =?us-ascii?Q?tczW3x8+aYQkD0tykkWPGei6Y1Hd6MSERQuhNkeox8lxOtQHVbUeDihejyan?= =?us-ascii?Q?ccw8ixnPxC5GLbQ+UcNMFRCyqlMm6M0BGyFxemAF8e0L19y4dJz65GEicCkA?= =?us-ascii?Q?fujSxVXrxy4FtMnlorN/mGbH0yJISbCo981PnhgQBEhBCHiGqW9huXGMFPwM?= =?us-ascii?Q?GZu1PGTMoGkb8XOSgpOjESP9IafkBDbvjAXKbEt/MD6Z5Z0aq20r9rHB/UIW?= =?us-ascii?Q?Xq5whjzHkKiGZP1MifFAIslezxuHsou9oBmD7VJPWMS08Kh4bA8a9n/zZueM?= =?us-ascii?Q?KC4JLED0VdhluelUrfH2M7tA9FU7WZngbh/q6GfON/lAs5IO957pEZKe7ypy?= =?us-ascii?Q?EBqYEw7YkbmqFVvkX2rWXuvtBBKpO+2WSjHeuEpZAKVjRTYLxFnHVjPNJWeF?= =?us-ascii?Q?llRfr3dV1EJ7tg9ux9HRXgWXrIISkslOHrWd9i4xdxZErvtp/MyF7GGX0J0P?= =?us-ascii?Q?nfRoB/qO5pwyeY/TyvNcdNkTR+8yfWQw+Sszj06Az3A0LodXPtFaSMJ9caUH?= =?us-ascii?Q?MWmYt6ZeBN9+r2lmLDbjATm5JChJbubKCv7N/F/k3vqYzhzY8dlI5Vs36dYb?= =?us-ascii?Q?tHZG2EC+0L3TGYWqN0DcjyPRElha4/49jD8aqlIdNnAbrJ7h79krivyHT8b3?= =?us-ascii?Q?Qlgnoe4FQD0ZytI6W+R7XjyF0S45AK0k1fbw131Do2noNCWJqvkoxnBger99?= =?us-ascii?Q?YB202WEkgcZkhe2QTLwe21WA+xuEku3atq0L/3ydx1hnFUYQihPwHiWhFaDt?= =?us-ascii?Q?jO5CJ4Byc9safm8foPmr0FXjLFFC0a2BwM+VHZCQ87MkMzLIF1v2YWI9+PY6?= =?us-ascii?Q?txlhxPlfNbacvktOPYuNeof/DWIW6bAnxkBcH+g0iGuQNSWsanQTxZ8n+9L/?= =?us-ascii?Q?QxpVW/K0J4U8vrT5a7I2LV31FsTuUIPeegiAs68GtTCB+XCOLD73hJ+iP2PK?= =?us-ascii?Q?gBdDUeYYQWffKE1FcP5Nh42NKsFzD+m5SwYy6IkQNJpxCdIfvnmcbShzubc6?= =?us-ascii?Q?m/r4k9aLw/G6cnqbTzg9K1Gw8oNHI/yzNqe5Avo+4oVFAbICjY7f85A=3D?= =?us-ascii?Q?=3D?= X-Forefront-PRVS: 03319F6FEF X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39410400002)(39400400002)(39450400003)(39850400002)(76176999)(38730400002)(110136004)(2906002)(305945005)(47776003)(86362001)(66066001)(5660300001)(3846002)(6666003)(50986999)(5003940100001)(81166006)(6916009)(6116002)(478600001)(7736002)(2950100002)(50226002)(6506006)(2361001)(33646002)(6486002)(6512007)(25786009)(42186005)(189998001)(2351001)(4326008)(50466002)(48376002)(53936002)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR05MB753; H:ubuntu.localdomain; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BLUPR05MB753; 23:mKbWr37z0Dis+aa9yST4WQVI/yQdfI5SqBrJB0fJBf?= =?us-ascii?Q?SeNKfK75sxvXSalm/ewGcoNp39QvDBJrS+ImZx4pairNGCbKy8w5P8y9HnHU?= =?us-ascii?Q?2An1qiWqN0Y25UPLoQNHmia5rOTZI6Ve9fY+Ui4UcEEkEMPsHq4jtBFDaKl6?= =?us-ascii?Q?h3pXAqrYGkQRiNnayfDj/mIVTCLe9iuTP6pkgwxdsEH3KIfx2I3Iy0uJp0s6?= =?us-ascii?Q?D4aXuD8YR7ys2FP78wqBpuYIonlqQgFdvwTZps6TIBm3GSoKtWFHj8iPzHDv?= =?us-ascii?Q?npI6JUvZrxAutIn6ypxJgVU7meRhjuclI82IU2LqmpVoUhw+BTKQJpIZAq2n?= =?us-ascii?Q?YjtWp5xpJlr+BvCazqmoKTcsHcKNP99CwMBOM1PrV7n2a7QisGwOxG0EDK/m?= =?us-ascii?Q?PxNvNh8dXs6GG0MvPCAHDLIISfinpm+YPqVH2SpWFK3mt7zHhc6BisM0FalJ?= =?us-ascii?Q?6B/QdIvj9yMId7hQnKocbYdb79wj5ZfxXRkYd6BxgymINGdFmAYRpuXlX/98?= =?us-ascii?Q?lFjr0B9p8RWPrVlC3NN3Km+eB9KRZEDXS5ZGzg6KO1Uu1Nym+NUtKD5c4Dfz?= =?us-ascii?Q?nv3eOuX3gFaFIiBB7iLGgMzTXFdx7RiPm0w0e1FB9zAQZfGexu14Yk/5vYPq?= =?us-ascii?Q?SjbzC0R5eY7PGi82Ao1RFkMNQoMXX6NnEFpYPTCJaG231aJCGybj1XdYItiI?= =?us-ascii?Q?o3ST+vYmuJ81lYOBKFZ3p1+XNQ/JVLItgqwTVjaE8WhyjcJZVMP2w/blb6wy?= =?us-ascii?Q?V1RiC93hYQ5KrZQnySf/R3V2NzWKmsrZr8XxrauHKEivf7Nz7SPcZAxdZssd?= =?us-ascii?Q?HbOLUMlLuMHnnIGO01Llk9Vfje41mCc5d1YZJZFqB9b2zUqWrYu467M41SCE?= =?us-ascii?Q?pKsSYKXxYUQ41Hg+DnWkozoAfTrd8rmQXyey0I9A3XE2jw+2+lrdiv/ABMFR?= =?us-ascii?Q?x878ososTvdSqH+5pLfZe3xesBk3x8KByqXxZtcNKXAwlypZe1xZGIlOFzSn?= =?us-ascii?Q?hxlKwf32qsbrXolLJyKVDm?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR05MB753; 6:ySsW+hSn1e87drAB6/eX9U7C5CkDfa0y31tSwxUBjPY9MX2iNnrblj3NmQeO/8eJCxUsdp1F/9dPm0jLqVgijMJQF33IBQYy5cFtXZVCAvSJbh7JmSqSqh12jt7M+0l3L2k7HVTmGYK5EOQfcsiDMAeGrMOzkFan6j2e/ptN3bywQjhIHi/ZdryGpVLdP1oOAu8jZnGxja3elwcLW7g07ElmCReB6TTaUrNsq99KO9Hy3esoRPDT+BLT2av+j9i1hillo1GcDNLKg3iAi0CCMoJ7sI/UX3PjfzVq8Byz2ntBggym+z9L3e2ghlJqA6XboFY1A8lVFi2Pqa7p8ADUTee1FCB3qxcCj74tUYASRhPf0AXBE4eMNQYKr954QIHLfSq+JZxKQKm6R+CcH/l648BZ8LubIl7CbpDPilI+0cu9pSU/ghjr1rLaoIQTLcjvasV83/jcAZCOOM7fEDKxckJLUkehXKI4lWZFQ5eDl1k6O9xIVhvKQmuTPyOWv4TXt1yaLkoyaJ9qglrEQ1iq+Q== X-Microsoft-Exchange-Diagnostics: 1; BLUPR05MB753; 5:7h4b/EqcZ5FrpmL2U8QicURpvdEPbo3f8OwjJ54qCVJrBy/ruHi514TOVNrqPHNjBmgS6lcefk1rFtXMqSdR2Sq/OKKQelLxttSlcYLT1Snk509PqCUb3yblzeLhEgM2ncZg5LEEC2Vt3/9U78GDLmTysXjhLI2vcBXVFoWpQq71g6gV/ku+1E6XIWINs0F4EXcidY2qbMid0HmruMlFUK55o6Xh+LZU6hLRyAGE2h8d6OnoHKG4pNS40UyL/+FkZi2BtveIL+svpxBCZ4PUOQocbDLv2lsNaGHk7aBBG+nsONhaj2FJk3tQAHxrGtGjbhbffHzeJPGHIqnmmJbQPlVMu2GdOD0BzX9j1LOkzM+r1kAZ8r85UZN5rDIFCPjFtBOG2lzqrrC+RwXhk5+Wm61fPtr6ZOHlwqb1m+sEpBF58DDwwAJa3moZT8ahYaFRKonEzd76DzuS/dvAm/sctbDsaq3ulMnwj2XHuidaw1B/QIWvxrTKpwSvQyth/4JD; 24:FQ99Ae2bTo0GiZc7CKfgYirJmIi5oXYRli4UEyyQ+giLXgkdsgbSciMIPAqCsO6/6eNfeYBGYhX1yp9j+kMaFebzt8Ib6D3UvZWd/G4Zs/w= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR05MB753; 7:RV7wSJo20GUdeCXATbRDHcR/N2m+Ae3X2LG9TutJMjAZZZ8IpPrHDZMp/jGYTdHTUUkZnb9IHRpaM3vZaBUij4eqhUd4Fem3rNKN8y93z4Yo8jAnna3N/Z7/5Cb/gV/aqG2+S8yTfuQUI3WoORiEO7Lua8EVNlfk8GQn1no67IbzH3ytxXiGCvNPoXQ4BVUbqwcyBbL4E8kGm+j4S2jdbN8r0TYCG/SOZ7LXHJQTRH2K6Azg2vZ1ez2lNF5LfOQV1P1jXmc2dBsIsoM+8SstpwPgRhg00yIyk64reWPj2DwgJUW6J2qH9duKSxJ/LTF6SMJvmPeF4rXoKXpN6bGylA==; 20:HWEf0hjPrAa1/NCVf9oOLc+Wi/uFQYPJ1SE5TNqnxDygjrDSqdi6vMA3hxnO6kr/PzzWCqr2yQ72RIgymTe8P8OAmCeQG4vGj/JclG5cjN5z1vuR7OzRkawcjGwtqKcRQzfPdoUngwAukIuop7ZM6hjhM9xlSBz/TqynWmpkXOQ= X-OriginatorOrg: vmware.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jun 2017 13:24:59.1728 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR05MB753 Cc: stable@vger.kernel.org X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Sinclair Yeh When vmw_gb_surface_define_ioctl() is called with an existing buffer, we end up returning an uninitialized variable in the backup_handle. The fix is to first initialize backup_handle to 0 just to be sure, and second, when a user-provided buffer is found, we will use the req->buffer_handle as the backup_handle. Cc: Reported-by: Murray McAllister Signed-off-by: Sinclair Yeh Reviewed-by: Deepak Rawat --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index baf03d4..834bb10 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -1274,7 +1274,7 @@ int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; int ret; uint32_t size; - uint32_t backup_handle; + uint32_t backup_handle = 0; if (req->multisample_count != 0) return -EINVAL; @@ -1317,12 +1317,16 @@ int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, ret = vmw_user_dmabuf_lookup(tfile, req->buffer_handle, &res->backup, &user_srf->backup_base); - if (ret == 0 && res->backup->base.num_pages * PAGE_SIZE < - res->backup_size) { - DRM_ERROR("Surface backup buffer is too small.\n"); - vmw_dmabuf_unreference(&res->backup); - ret = -EINVAL; - goto out_unlock; + if (ret == 0) { + if (res->backup->base.num_pages * PAGE_SIZE < + res->backup_size) { + DRM_ERROR("Surface backup buffer is too small.\n"); + vmw_dmabuf_unreference(&res->backup); + ret = -EINVAL; + goto out_unlock; + } else { + backup_handle = req->buffer_handle; + } } } else if (req->drm_surface_flags & drm_vmw_surface_flag_create_buffer) ret = vmw_user_dmabuf_alloc(dev_priv, tfile,