[Intel-gfx] NULL ptr dereference in i915_gem_alloc_object()
Linus Torvalds
torvalds at linux-foundation.org
Sun Jan 19 02:28:51 CET 2014
Testing running out of file descriptors shows a NULL pointer
dereference in i915_gem_alloc_object() because base.filp ends up being
NULL. So the line

    mapping = file_inode(obj->base.filp)->i_mapping;

will cause an oops. The call chain is

    SyS_ioctl ->
      do_vfs_ioctl ->
        drm_ioctl ->
          i915_gem_create_ioctl ->
            i915_gem_create ->
              i915_gem_alloc_object

Now, some functions do test "base.filp" for NULL (see for example
i915_gem_pread_ioctl()) so clearly people know that the filp may not
exist. But that path does not.

Comments? Patches even?

                Linus
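An added illustration, not code from this post or from the kernel: minimal stand-ins for the structures named above contrast the unguarded file_inode(obj->base.filp)->i_mapping access with a guarded variant in the style of the filp test the report mentions in i915_gem_pread_ioctl(). The struct layouts, the error code (-ENOENT) and the demo_check() helper are constructed for this example.

```c
/* Constructed stand-ins for the kernel types named in the report. */
#include <errno.h>
#include <stddef.h>

struct address_space       { int gfp_mask; };
struct inode               { struct address_space *i_mapping; };
struct file                { struct inode *f_inode; };
struct drm_gem_object      { struct file *filp; size_t size; };
struct drm_i915_gem_object { struct drm_gem_object base; };

/* Like the kernel helper of the same name: no NULL check, by design. */
static inline struct inode *file_inode(const struct file *f)
{
    return f->f_inode;
}

/* The reported pattern: with base.filp == NULL this dereferences
 * address 0, which in the kernel is the oops described above. */
struct address_space *mapping_unguarded(struct drm_i915_gem_object *obj)
{
    return file_inode(obj->base.filp)->i_mapping;
}

/* Guarded variant: refuse the object instead of touching a backing
 * file that was never set up. Returns 0 or a negative errno
 * (-ENOENT is a constructed choice, not the driver's). */
int mapping_guarded(struct drm_i915_gem_object *obj,
                    struct address_space **out)
{
    if (obj->base.filp == NULL)
        return -ENOENT;
    *out = file_inode(obj->base.filp)->i_mapping;
    return 0;
}

/* Returns 1 if the guard rejects an object without a filp and accepts
 * one with a backing file, 0 otherwise. */
int demo_check(void)
{
    struct address_space as = { .gfp_mask = 0 };
    struct inode ino = { .i_mapping = &as };
    struct file f = { .f_inode = &ino };
    struct drm_i915_gem_object good = { .base = { .filp = &f,   .size = 4096 } };
    struct drm_i915_gem_object bad  = { .base = { .filp = NULL, .size = 4096 } };
    struct address_space *m = NULL;

    int accepted = mapping_guarded(&good, &m) == 0 && m == &as;
    int rejected = mapping_guarded(&bad, &m) == -ENOENT;
    return accepted && rejected;
}
```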