nvalid memory access.
To fix this bug, add an check. Use a new value 'iter' as the list
iterator, while use the old value 'connector' as a dedicated variable
to point to the found element.
Cc: sta...@vger.kernel.org
Fixes: ("drm/omap: Add support for drm_panel")
Signed-
ooks better.
I have sent a PATCH v3 with changes as you suggested, please check it.
Thank you very much.
--
Xiaomeng Tong
t.
Signed-off-by: Xiaomeng Tong
---
changes since v2:
- replace switch with if statement (Patrik Jakobsson)
changes since v1:
- goto outside the loop (Xiaomeng Tong)
v2:
https://lore.kernel.org/dri-devel/20220406113143.10699-1-xiam0nd.t...@gmail.com/
v1: https://lore.kernel.org/lkml/20220401115
On Wed, 6 Apr 2022 09:27:19 +0200, Patrik Jakobsson wrote:
> On Fri, Apr 1, 2022 at 1:58 PM Xiaomeng Tong wrote:
> >
> > Instead of exiting the loop as expected when an entry is found, the
> > list_for_each_entry() continues until the traversal is complete. To
> > avo
Instead of exiting the loop as expected when an entry is found, the
list_for_each_entry() continues until the traversal is complete. To
avoid potential executing 'ret = gma_backlight_init(dev);' repeatly,
goto outside the loop when the entry is found.
Signed-off-by: Xiaomeng Tong
--
Instead of exiting the loop as expected when an entry is found, the
list_for_each_entry() continues until the traversal is complete. To
avoid potential executing 'ret = gma_backlight_init(dev);' repeatly,
break the loop when the entry is found.
Signed-off-by: Xiaomeng Tong
---
drive
Instead of exiting the loop as expected when an entry is found, the
list_for_each_entry() continues until the traversal is complete.
when found the entry, add a break after the switch statement.
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/psb_intel_display.c | 2 ++
1 file changed
On Fri, 1 Apr 2022 12:10:48 +0200, Patrik Jakobsson wrote:
> On Wed, Mar 30, 2022 at 2:03 PM Xiaomeng Tong wrote:
> >
> > Instead of exiting the loop as expected when an entry is found, the
> > list_for_each_entry() continues until the traversal is complete. To
> > avo
> On Wed, Mar 30, 2022 at 2:03 PM Xiaomeng Tong wrote:
> >
> > Instead of exiting the loop as expected when an entry is found, the
> > list_for_each_entry() continues until the traversal is complete. It
> > could result in multiple 'is_*' flags being set wit
dd the core DRM files and headers")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/psb_drv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/gma500/psb_drv.c b/drivers/gpu/drm/gma500/psb_drv.c
index 65cf1c79dd7c..d65a68811bf7 100644
--- a/drivers/gpu/drm/gma500/psb
l_dp_compute_m_n(bpp, lane_count,
To fix this, when found the entry, add a break after the switch statement.
Fixes: 8695b61294356 ("gma500: Add the support of display port on CDV")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/cdv_intel_dp.c | 2 ++
1 file changed, 2 insertion
nt.
Fixes: 89c78134cc54d (" gma500: Add Poulsbo support")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/psb_intel_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/gma500/psb_intel_display.c
b/drivers/gpu/drm/gma500/psb_intel_display.c
index 42d1a733e124.
y, too.
The invalid reference to 'ddi_select' is here:
cdv_dpll_set_clock_cdv(dev, crtc, &clock, is_lvds, ddi_select);
To fix this, when found the entry, add a break after the switch statement.
Fixes: d66760962d75 ("gma500: Program the DPLL lane based on the selected
digit
a69ac9ea85d87 ("drm/gma500: drm_connector_property ->
drm_object_property")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/oaktrail_crtc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/gma500/oaktrail_crtc.c
b/drivers/gpu/drm/gma500/oaktrail_crtc.c
index 36c7c26
Instead of exiting the loop as expected when an entry is found, the
list_for_each_entry() continues until the traversal is complete. It
could lead to invalid reference or set 'is_*' flags mistakely.
To fix this, when an entry is found, add a break to exit the loop.
Xiaomeng Tong (5)
on Sun, 27 Mar 2022 16:59:28 +0100, Emil Velikov wrote:
> On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong wrote:
> >
> > The bug is here:
> > return encoder;
> >
> > The list iterator value 'encoder' will *always* be set and non-NULL
> > by d
se return
NULL. And add the NULL check.
Cc: sta...@vger.kernel.org
Fixes: 1f7f3d91ad38a ("drm/nouveau/clk: Respect voltage limits in
nvkm_cstate_prog")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 --
1 file changed, 4 insertions(+), 2 delet
checks and lead to invalid memory
access passing the check.
To fix this bug, just return 'encoder' when found, otherwise return
NULL.
Cc: sta...@vger.kernel.org
Fixes: 12885ecbfe62d ("drm/nouveau/kms/nvd9-: Add CRC support")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/dr
03b4ad0f ("drm/msm/dpu: map mixer/ctl hw blocks in encoder modeset")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
b/driver
te will not be NULL at the end! so the assignment is necessary!
#define list_for_each_entry(pos, head, member) \
for (pos = __container_of((head)->next, pos, member); \
&pos->member != (head); \
pos = __container_of(pos->member.next, pos, member))
--
Xiaomeng Tong
27;iter' as the list iterator,
while use the original variable 'encoder' as a dedicated pointer
to point to the found element.
Cc: sta...@vger.kernel.org
Fixes: ec9eab097a500 ("drm/tilcdc: Add drm bridge support for attaching drm
bridge drivers")
Signed-off-by: Xi
if the
list is empty or no element is found.
To fix the bug, use a new variable '*_iter' as the list iterator,
while use the old variable 'encoder/bridge' as a dedicated pointer
to point to the found element.
Cc: sta...@vger.kernel.org
Fixes: 99e360442f223 ("drm/stm: Fi
nvalid memory access.
To fix this bug, add an check. Use a new value 'iter' as the list
iterator, while use the old value 'connector' as a dedicated variable
to point to the found element.
Cc: sta...@vger.kernel.org
Fixes: ("drm/omap: Add support for drm_panel")
Signed-
bject class, with
pstate control methods")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c
b/drivers/gpu/drm/nouveau/nvkm/engine/
hen found, otherwise return NULL.
Cc: sta...@vger.kernel.org
fixes: 89c78134cc54d ("gma500: Add Poulsbo support")
Signed-off-by: Xiaomeng Tong
---
drivers/gpu/drm/gma500/psb_intel_display.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/gma500/psb_
'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()
and it will lead to a NULL dereference by a lately use of it
(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.
Fixes: 62fb7a5e10962 ("virtio-gpu: add 3d/virgl support")
Signed-off-by: Xiaomeng Ton
== head, using the iterator
variable after the loop should be avoided.
In preparation to limiting the scope of a list iterator to the list
traversal loop, use a dedicated pointer to point to the found element [1].
Link: https://lore.kernel.org/all/yhdfeiwi4edth...@kroah.com/
Signed-off-by: Xiaome
correct for typo:
-for (struct list_head *list = head->next, cond = (struct list_head *)-1; cond
== (struct list_head *)-1; cond = NULL) \
+for (struct list_head *list = head->next, *cond = (struct list_head *)-1; cond
== (struct list_head *)-1; cond = NULL) \
--
Xiaomeng Tong
> From: Xiaomeng Tong
> > Sent: 03 March 2022 07:27
> >
> > On Thu, 3 Mar 2022 04:58:23 +, David Laight wrote:
> > > on 3 Mar 2022 10:27:29 +0800, Xiaomeng Tong wrote:
> > > > The problem is the mis-use of iterator outside the loop on exit, a
On Thu, 3 Mar 2022 12:18:24 +, Daniel Thompson wrote:
> On Thu, Mar 03, 2022 at 03:26:57PM +0800, Xiaomeng Tong wrote:
> > On Thu, 3 Mar 2022 04:58:23 +, David Laight wrote:
> > > on 3 Mar 2022 10:27:29 +0800, Xiaomeng Tong wrote:
> > > > The problem is the m
siable outside the loop (before and after the
loop).
It is maintainable longer-term than "type(pos) pos" one and perfect.
see my explain:
https://lore.kernel.org/lkml/20220302093106.8402-1-xiam0nd.t...@gmail.com/
and list_for_each_entry_inside(pos, type, head, member) patch here:
https://lore.kernel.org/lkml/20220301075839.4156-3-xiam0nd.t...@gmail.com/
--
Xiaomeng Tong
On Thu, 3 Mar 2022 04:58:23 +, David Laight wrote:
> on 3 Mar 2022 10:27:29 +0800, Xiaomeng Tong wrote:
> > The problem is the mis-use of iterator outside the loop on exit, and
> > the iterator will be the HEAD's container_of pointer which pointers
> > to a type-conf
that even if you don't get a warning,
> non-converted (or newly written) bad code won't actually _work_
>
> so you end up getting the new rules without any ambiguity or mistaken
It will lead to a wrong/NULL pointer dereference if the pointer is used
anywhere else, depend on which value is used to initialized with.
Best regard,
--
Xiaomeng Tong
"alternative definitions" details? thanks!
--
Xiaomeng Tong
34 matches
Mail list logo
