[PATCH] drm/vmwgfx: Fix possible usage of an uninitialized variable
Martin Krastev
krastevm at vmware.com
Thu Dec 16 09:49:37 UTC 2021
On Wed, 2021-12-15 at 15:02 -0500, Zack Rusin wrote:
> From: Zack Rusin <zackr at vmware.com>
>
> vmw_user_bo_lookup can fail to lookup user buffers, especially because
> the buffer handles come from the userspace. The return value has
> to be checked before the buffers are put back.
>
> This was spotted by Dan's Smatch statick checker:
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.c:574 vmw_user_bo_synccpu_release()
> error: uninitialized symbol 'vmw_bo'.
>
> Signed-off-by: Zack Rusin <zackr at vmware.com>
> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM")
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
> index 15fead85450c..31aecc46624b 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
> @@ -568,10 +568,12 @@ static int vmw_user_bo_synccpu_release(struct drm_file *filp,
> struct vmw_buffer_object *vmw_bo;
> int ret = vmw_user_bo_lookup(filp, handle, &vmw_bo);
>
> - if (!(flags & drm_vmw_synccpu_allow_cs)) {
> - atomic_dec(&vmw_bo->cpu_writers);
> + if (!ret) {
> + if (!(flags & drm_vmw_synccpu_allow_cs)) {
> + atomic_dec(&vmw_bo->cpu_writers);
> + }
> + ttm_bo_put(&vmw_bo->base);
> }
> - ttm_bo_put(&vmw_bo->base);
>
> return ret;
> }
Reviewed-by: Martin Krastev <krastevm at vmware.com>
--
Regards,
Martin
More information about the dri-devel
mailing list