superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/gpu/drm
History
Ziqi Zhao 9b5044e17e drm/crtc: Fix uninit-value bug in drm_mode_setcrtc 
[ Upstream commit 3823119b9c ]

The connector_set contains uninitialized values when allocated with
kmalloc_array. However, in the "out" branch, the logic assumes that any
element in connector_set would be equal to NULL if failed to
initialize, which causes the bug reported by Syzbot. The fix is to use
an extra variable to keep track of how many connectors are initialized
indeed, and use that variable to decrease any refcounts in the "out"
branch.

Reported-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
Signed-off-by: Ziqi Zhao <astrajoan@yahoo.com>
Reported-and-tested-by: syzbot+4fad2e57beb6397ab2fc@syzkaller.appspotmail.com
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20230721161446.8602-1-astrajoan@yahoo.com
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-01-20 11:50:07 +01:00
..
amd drm/amdgpu: Add NULL checks for function pointers 2024-01-20 11:50:06 +01:00
arm drm/komeda: drop all currently held locks if deadlock happens 2023-11-28 17:06:57 +00:00
armada drm/armada: Fix off-by-one error in armada_overlay_get_property() 2023-09-13 09:42:42 +02:00
aspeed
ast drm/ast: Fix DRAM init on AST2200 2023-09-19 12:27:56 +02:00
atmel-hlcdc
bridge drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer 2024-01-10 17:10:21 +01:00
display drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() 2023-11-02 09:35:25 +01:00
etnaviv drm/etnaviv: fix dumping of active MMU context 2023-09-13 09:42:39 +02:00
exynos drm/exynos: fix a wrong error checking 2024-01-20 11:50:06 +01:00
fsl-dcu drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() 2022-12-31 13:33:06 +01:00
gma500 drm/gma500: Fix call trace when psb_gem_mm_init() fails 2023-11-28 17:06:56 +00:00
gud drm/gud: Fix UBSAN warning 2023-03-10 09:34:33 +01:00
hisilicon
hyperv drm/hyperv: Fix a compilation issue because of not including screen_info.h 2023-09-13 09:42:36 +02:00
i2c
i810
i915 drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern 2024-01-10 17:10:22 +01:00
imx drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning 2023-08-11 12:08:25 +02:00
ingenic drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() 2023-01-07 11:11:57 +01:00
kmb
lib
lima drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() 2023-05-11 23:03:12 +09:00
logicvc drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO 2023-11-02 09:35:28 +01:00
mcde
mediatek drm/mediatek: Add spinlock for setting vblank event in atomic_begin 2023-12-20 17:00:21 +01:00
meson drm/meson: fix memory leak on ->hpd_notify callback 2023-10-06 14:57:06 +02:00
mga
mgag200 drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE 2024-01-10 17:10:21 +01:00
msm drm/msm/dp: skip validity check for DP CTS EDID checksum 2023-11-28 17:06:57 +00:00
mxsfb drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() 2023-09-19 12:28:06 +02:00
nouveau nouveau/tu102: flush all pdbs on vmm flush 2024-01-20 11:50:05 +01:00
omapdrm drm/omap: dsi: Fix excessive stack usage 2023-03-10 09:33:55 +01:00
panel drm/panel: simple: Fix Innolux G101ICE-L01 timings 2023-12-03 07:32:07 +01:00
panfrost drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path 2023-04-13 16:55:35 +02:00
pl111
qxl drm/qxl: prevent memory leak 2023-11-28 17:07:03 +00:00
r128
radeon drm/radeon: fix a possible null pointer dereference 2023-11-28 17:06:58 +00:00
rcar-du drm: rcar-du: remove R-Car H3 ES1.* workarounds 2023-08-23 17:52:20 +02:00
rockchip drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full 2023-12-03 07:32:07 +01:00
savage
scheduler dma-buf: add dma_fence_timestamp helper 2023-10-19 23:08:57 +02:00
shmobile
sis
solomon drm/ssd130x: Init display before the SSD130X_DISPLAY_ON command 2023-02-09 11:28:02 +01:00
sprd
sti drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() 2022-12-31 13:33:06 +01:00
stm drm/aperture: Remove primary argument 2023-08-30 16:10:57 +02:00
sun4i drm/aperture: Remove primary argument 2023-08-30 16:10:57 +02:00
tdfx
tegra drm/tegra: dpaux: Fix incorrect return value of platform_get_irq 2023-09-13 09:42:41 +02:00
tests drm/tests: Fix incorrect argument in drm_test_mm_insert_range 2023-10-06 14:57:03 +02:00
tidss drm: tidss: Fix pixel format definition 2023-03-10 09:33:09 +01:00
tilcdc
tiny drm: gm12u320: Fix the timeout usage for usb_bulk_msg() 2023-09-23 11:11:08 +02:00
ttm drm/ttm: Reorder sys manager cleanup step 2023-11-08 14:11:00 +01:00
tve200
udl
v3d
vboxvideo
vc4 drm/aperture: Remove primary argument 2023-08-30 16:10:57 +02:00
vgem drm/vgem: add missing mutex_destroy 2023-05-11 23:03:07 +09:00
via
virtio drm/virtio: Conditionally allocate virtio_gpu_fence 2023-09-19 12:27:55 +02:00
vkms drm/vkms: Fix RGB565 pixel conversion 2023-07-19 16:21:18 +02:00
vmwgfx drm: vmwgfx_surface.c: copy user-array safely 2023-11-28 17:06:57 +00:00
xen
xlnx drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask 2023-09-13 09:42:42 +02:00
Kconfig drm: Disable dynamic debug as broken 2023-02-22 12:59:46 +01:00
Makefile
drm_agpsupport.c
drm_aperture.c drm/aperture: Remove primary argument 2023-08-30 16:10:57 +02:00
drm_atomic.c drm/atomic: Fix potential use-after-free in nonblocking commits 2023-07-23 13:49:50 +02:00
drm_atomic_helper.c drm/atomic-helper: relax unregistered connector check 2023-10-19 23:08:55 +02:00
drm_atomic_state_helper.c
drm_atomic_uapi.c
drm_auth.c
drm_blend.c
drm_bridge.c drm/bridge: Introduce pre_enable_prev_first to alter bridge init order 2023-07-19 16:21:23 +02:00
drm_bridge_connector.c
drm_buddy.c drm: buddy_allocator: Fix buddy allocator init on 32-bit systems 2023-04-26 14:28:36 +02:00
drm_bufs.c
drm_cache.c
drm_client.c drm/client: Send hotplug event after registering a client 2023-07-23 13:49:28 +02:00
drm_client_modeset.c drm/client: Fix memory leak in drm_client_modeset_probe 2023-07-27 08:50:28 +02:00
drm_color_mgmt.c
drm_connector.c drm/connector: send hotplug uevent on connector cleanup 2023-01-07 11:11:56 +01:00
drm_context.c
drm_crtc.c drm/crtc: Fix uninit-value bug in drm_mode_setcrtc 2024-01-20 11:50:07 +01:00
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_damage_helper.c
drm_debugfs.c
drm_debugfs_crc.c
drm_displayid.c drm/displayid: add displayid_get_header() and check bounds better 2023-05-24 17:32:34 +01:00
drm_dma.c
drm_drv.c drm/drv: Fix potential memory leak in drm_dev_init() 2022-11-10 18:49:01 -05:00
drm_dumb_buffers.c
drm_edid.c drm/edid: Add quirk for OSVR HDK 2.0 2023-09-23 11:11:03 +02:00
drm_edid_load.c
drm_encoder.c
drm_encoder_slave.c
drm_fb_dma_helper.c
drm_fb_helper.c drm/client: Send hotplug event after registering a client 2023-07-23 13:49:28 +02:00
drm_file.c
drm_flip_work.c
drm_format_helper.c drm/format-helper: Only advertise supported formats for conversion 2022-10-31 09:50:44 +01:00
drm_fourcc.c drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats 2023-03-10 09:33:08 +01:00
drm_framebuffer.c
drm_gem.c drm/msm/gem: Prevent blocking within shrinker loop 2023-03-22 13:33:39 +01:00
drm_gem_atomic_helper.c
drm_gem_dma_helper.c
drm_gem_framebuffer_helper.c
drm_gem_shmem_helper.c drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() 2023-08-16 18:27:22 +02:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c drm/vram-helper: fix function names in vram helper doc 2023-07-19 16:21:16 +02:00
drm_hashtab.c
drm_internal.h drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() 2022-11-10 18:49:02 -05:00
drm_ioc32.c
drm_ioctl.c
drm_irq.c
drm_kms_helper_common.c
drm_lease.c drm_lease.c: copy user-array safely 2023-11-28 17:06:57 +00:00
drm_legacy.h
drm_legacy_misc.c
drm_lock.c
drm_managed.c drm: fix drmm_mutex_init() 2023-05-30 14:03:20 +01:00
drm_memory.c
drm_mipi_dbi.c
drm_mipi_dsi.c drm/mipi-dsi: Set the fwnode for mipi_dsi_device 2023-05-24 17:32:31 +01:00
drm_mm.c
drm_mode_config.c drm: Fix potential null-ptr-deref due to drmm_mode_config_init() 2023-03-10 09:33:08 +01:00
drm_mode_object.c
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c
drm_nomodeset.c
drm_of.c
drm_panel.c
drm_panel_orientation_quirks.c drm: panel-orientation-quirks: Add quirk for One Mix 2S 2023-10-25 12:03:11 +02:00
drm_pci.c
drm_plane.c
drm_plane_helper.c
drm_prime.c
drm_print.c
drm_privacy_screen.c
drm_privacy_screen_x86.c
drm_probe_helper.c drm/probe-helper: Cancel previous job before starting new one 2023-05-11 23:03:07 +09:00
drm_property.c
drm_rect.c
drm_scatter.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_syncobj.c drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE 2023-11-20 11:52:17 +01:00
drm_sysfs.c
drm_trace.h
drm_trace_points.c
drm_vblank.c
drm_vblank_work.c
drm_vm.c
drm_vma_manager.c drm/drm_vma_manager: Add drm_vma_node_allow_once() 2023-02-01 08:34:42 +01:00
drm_writeback.c