[PATCH v2] drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state()

Eric Anholt eric at anholt.net
Sun Jan 21 03:08:47 UTC 2018


Boris Brezillon <boris.brezillon at free-electrons.com> writes:

> When saving BOs in the hang state we skip one entry of the
> kernel_state->bo[] array, thus leaving it to NULL. This leads to a NULL
> pointer dereference when, later in this function, we iterate over all
> BOs to check their ->madv state.
>
> Fixes: ca26d28bbaa3 ("drm/vc4: improve throughput by pipelining binning and rendering jobs")
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Boris Brezillon <boris.brezillon at free-electrons.com>
> ---
> Changes in v2:
> - Get rid of prev_idx and replace it by k which is independently incremented
>   every time a new object is added to kernel_state->bo[].
> - Add a WARN_ON_ONCE() when final value of k is inconsistent

Reviewed and pushed to drm-misc-fixes back on Thursday.  Thanks!
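
The indexing bug and the v2 fix described in the quoted commit message, as an added user-space C model; it is not the vc4 driver code and not part of the original thread. The struct job / struct bo types, the function names and the off-by-one in save_buggy() are constructed for illustration.

```c
#include <stddef.h>

/* Hypothetical stand-ins for illustration; not the vc4 structures. */
struct bo { int madv; };
struct job { struct bo **bos; size_t n; };

/* Buggy shape: slot = base + j, base advanced one too far (constructed). */
static void save_buggy(const struct job *jobs, size_t nj, struct bo **out, size_t cap)
{
    size_t base = 0;
    for (size_t i = 0; i < nj; i++) {
        for (size_t j = 0; j < jobs[i].n; j++)
            if (base + j < cap)      /* keep the model in bounds */
                out[base + j] = jobs[i].bos[j];
        base += jobs[i].n + 1;       /* skips one slot, which stays NULL */
    }
}

/* Fixed shape: one counter k, incremented on every store. Returning k
 * lets the caller check it against the expected count. */
static size_t save_fixed(const struct job *jobs, size_t nj, struct bo **out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < nj; i++)
        for (size_t j = 0; j < jobs[i].n && k < cap; j++)
            out[k++] = jobs[i].bos[j];
    return k;
}

/* Stand-in for the later ->madv pass: counts slots it could not read. */
static size_t count_null_slots(struct bo *const *out, size_t cap)
{
    size_t holes = 0;
    for (size_t i = 0; i < cap; i++)
        holes += (out[i] == NULL);   /* a real pass would read out[i]->madv */
    return holes;
}

/* Constructed sample: two jobs of two objects each, four slots. */
static size_t demo(int fixed)
{
    struct bo b[4] = { {0}, {0}, {0}, {0} };
    struct bo *j0[] = { &b[0], &b[1] }, *j1[] = { &b[2], &b[3] };
    struct job jobs[] = { { j0, 2 }, { j1, 2 } };
    struct bo *out[4] = { NULL };
    if (fixed) save_fixed(jobs, 2, out, 4);
    else       save_buggy(jobs, 2, out, 4);
    return count_null_slots(out, 4);
}
```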