From: Dave Airlie airlied@redhat.com
If we don't have a lock, detect it early and avoid oopsing. This should fix some of the NULL pointer derefs seen under fuzzing.
Reported-by: Tommi Rantala tt.rantala@gmail.com Signed-off-by: Dave Airlie airlied@redhat.com --- drivers/gpu/drm/drm_context.c | 5 +++++ drivers/gpu/drm/drm_lock.c | 3 +++ 2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/drivers/gpu/drm/drm_context.c b/drivers/gpu/drm/drm_context.c
index a186563..7db0fb0 100644
--- a/drivers/gpu/drm/drm_context.c
+++ b/drivers/gpu/drm/drm_context.c
@@ -394,6 +394,9 @@ int drm_switchctx(struct drm_device *dev, void *data,
 {
 struct drm_ctx *ctx = data;
+ if (!file_priv->master->lock.hw_lock)
+ return -EINVAL;
+
 DRM_DEBUG("%d\n", ctx->handle);
 return drm_context_switch(dev, dev->last_context, ctx->handle);
 }
@@ -414,6 +417,8 @@ int drm_newctx(struct drm_device *dev, void *data,
 {
 struct drm_ctx *ctx = data;
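Review bot: The `hw_lock` NULL check added ahead of `DRM_DEBUG` in drm_switchctx is an unlocked read of a pointer that the later `drm_context_switch()` call path relies on, so it narrows the window the fuzzer hit rather than closing it: if `hw_lock` can be cleared concurrently (presumably on master teardown or when the lock map is removed — worth confirming), the dereference can still land on NULL after the check passes. The same pattern appears in the drm_newctx hunk below and in the drm_unlock hunk in drm_lock.c, where `drm_lock_free(&master->lock, ...)` runs after the check. If a lock already serialises `hw_lock` teardown against these ioctls, the check should be taken under it; otherwise a comment such as `/* unlocked best-effort check: hw_lock may still be torn down before use */` would document the limit of this fix for the next reader. The bodies of drm_switchctx and drm_newctx start outside these hunks, so any additional locking would need to be checked against their callers.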
+ if (!file_priv->master->lock.hw_lock)
+ return -EINVAL;
 DRM_DEBUG("%d\n", ctx->handle);
 drm_context_switch_complete(dev, file_priv, ctx->handle);
diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
index d752c96..e177abe 100644
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
@@ -157,6 +157,9 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
 return -EINVAL;
 }
+ if (!master->lock.hw_lock)
+ return -EINVAL;
+
 atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
if (drm_lock_free(&master->lock, lock->context)) {