From 1ceefbfeb47c14b87d130fff2be6fa02f646f0fa Mon Sep 17 00:00:00 2001
From: Zack Rusin <zackr@vmware.com>
Date: Wed, 15 Dec 2021 15:02:24 -0500
Subject: drm/vmwgfx: Fix possible usage of an uninitialized variable
Git-commit: 58fa0d90eddeda37b32597eda139e888ebe5af04
Patch-mainline: v5.17-rc1
References: jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
Alt-commit: 60c9ecd705be3a28f79d70ea21c3939db668bf46

vmw_user_bo_lookup can fail to look up user buffers, especially because
the buffer handles come from the userspace. The return value has
to be checked before the buffers are put back.

This was spotted by Dan's Smatch static checker:
    drivers/gpu/drm/vmwgfx/vmwgfx_bo.c:574 vmw_user_bo_synccpu_release()
	error: uninitialized symbol 'vmw_bo'.

Signed-off-by: Zack Rusin <zackr@vmware.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM")
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211215200224.3693345-1-zack@kde.org
(cherry picked from commit 60c9ecd705be3a28f79d70ea21c3939db668bf46)
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Acked-by: Patrik Jakobsson <pjakobsson@suse.de>
---
 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
index 15fead85450c..31aecc46624b 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
@@ -568,10 +568,12 @@ static int vmw_user_bo_synccpu_release(struct drm_file *filp,
 	struct vmw_buffer_object *vmw_bo;
 	int ret = vmw_user_bo_lookup(filp, handle, &vmw_bo);
 
-	if (!(flags & drm_vmw_synccpu_allow_cs)) {
-		atomic_dec(&vmw_bo->cpu_writers);
+	if (!ret) {
+		if (!(flags & drm_vmw_synccpu_allow_cs)) {
+			atomic_dec(&vmw_bo->cpu_writers);
+		}
+		ttm_bo_put(&vmw_bo->base);
 	}
-	ttm_bo_put(&vmw_bo->base);
 
 	return ret;
 }
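Review bot: the new `if (!ret)` wrapper in vmw_user_bo_synccpu_release() pushes the whole success path one level deeper; an early `if (ret) return ret;` placed right after the vmw_user_bo_lookup() call would leave atomic_dec() and ttm_bo_put() at their original indentation and make it plain that vmw_bo is only dereferenced after a successful lookup. Since the commit message notes the handle comes from userspace, that error path is reachable on ordinary bad input, so the guard is worth keeping as visible as possible. The braces around the single atomic_dec() statement can also be dropped per kernel coding style, and initializing `vmw_bo` to NULL at its declaration would keep static checkers quiet if the function is restructured later.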
-- 
2.38.1