[PATCH] drm/vmwgfx: Avoid NULL-ptr dereference in vmw_cmd_dx_define_query()
Thomas Zimmermann
tzimmermann at suse.de
Wed Mar 1 16:07:48 UTC 2023
There have been reports [1][2] that vmw_cmd_dx_define_query() can
be called with ctx_node->ctx set to NULL, which results in undefined
behavior in vmw_context_cotable(). Avoid this be returning an errno
code.
Signed-off-by: Thomas Zimmermann <tzimmermann at suse.de>
Link: https://www.cve.org/CVERecord?id=CVE-2022-38096 # 1
Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2073 # 2
Cc: stable at vger.kernel.org
---
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
index 6b9aa2b4ef54..1e90362add96 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -1256,7 +1256,7 @@ static int vmw_cmd_dx_define_query(struct vmw_private *dev_priv,
struct vmw_resource *cotable_res;
int ret;
- if (!ctx_node)
+ if (!ctx_node || !ctx_node->ctx)
return -EINVAL;
cmd = container_of(header, typeof(*cmd), header);
--
2.39.2
More information about the dri-devel
mailing list