alloc_workqueue is not checked for errors and as a result, a potential NULL dereference could occur.
Signed-off-by: Allen Pais allen.pais@oracle.com --- drivers/gpu/drm/radeon/radeon_display.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c index bd52f15..1a41764 100644 --- a/drivers/gpu/drm/radeon/radeon_display.c +++ b/drivers/gpu/drm/radeon/radeon_display.c @@ -683,6 +683,10 @@ static void radeon_crtc_init(struct drm_device *dev, int index) drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256); radeon_crtc->crtc_id = index; radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0); + if (unlikely(!radeon_crtc->flip_queue)) { + kfree(radeon_crtc); + return; + } rdev->mode_info.crtcs[index] = radeon_crtc;
if (rdev->family >= CHIP_BONAIRE) {
On 2019-09-18 6:31 p.m., Allen Pais wrote:
alloc_workqueue is not checked for errors and as a result, a potential NULL dereference could occur.
Signed-off-by: Allen Pais allen.pais@oracle.com
drivers/gpu/drm/radeon/radeon_display.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c index bd52f15..1a41764 100644 --- a/drivers/gpu/drm/radeon/radeon_display.c +++ b/drivers/gpu/drm/radeon/radeon_display.c @@ -683,6 +683,10 @@ static void radeon_crtc_init(struct drm_device *dev, int index) drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256); radeon_crtc->crtc_id = index; radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0);
if (unlikely(!radeon_crtc->flip_queue)) {
kfree(radeon_crtc);return;} rdev->mode_info.crtcs[index] = radeon_crtc;
if (rdev->family >= CHIP_BONAIRE) {
I'm afraid just silently leaving the CRTC uninitialized isn't a good way to handle this. The failure would need to be propagated, probably resulting in the driver aborting its initialization altogether.
dri-devel@lists.freedesktop.org
-
Allen Pais -
Michel Dänzer