[PATCH 2/2] drm: don't oops in ioctls that require the lock if no lock

[Dave Airlie]

From: Dave Airlie <airlied at redhat.com>

if we don't have a lock, detect it early and avoid oopsing, this should
fix some of the NULL pointer derefs under fuzzing.

Reported-by: Tommi Rantala <tt.rantala at gmail.com>
Signed-off-by: Dave Airlie <airlied at redhat.com>
---
 drivers/gpu/drm/drm_context.c |    5 +++++
 drivers/gpu/drm/drm_lock.c    |    3 +++
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index a186563..7db0fb0 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -394,6 +394,9 @@ int drm_switchctx(struct drm_device *dev, void *data,
 {
 	struct drm_ctx *ctx = data;
 
+	if (!file_priv->master->lock.hw_lock)
+		return -EINVAL;
+
 	DRM_DEBUG("%d\n", ctx->handle);
 	return drm_context_switch(dev, dev->last_context, ctx->handle);
 }
@@ -414,6 +417,8 @@ int drm_newctx(struct drm_device *dev, void *data,
 {
 	struct drm_ctx *ctx = data;
 
+	if (!file_priv->master->lock.hw_lock)
+		return -EINVAL;
 	DRM_DEBUG("%d\n", ctx->handle);
 	drm_context_switch_complete(dev, file_priv, ctx->handle);
 
diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
index d752c96..e177abe 100644
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
@@ -157,6 +157,9 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
 		return -EINVAL;
 	}
 
+	if (!master->lock.hw_lock)
+		return -EINVAL;
+
 	atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
 
 	if (drm_lock_free(&master->lock, lock->context)) {
-- 
1.7.1