From: Quanyang Wang <[email protected]>

We need to check whether bridge->debugfs_file->status is NULL; otherwise, calling strlen() on it to get the string length causes the crash below:
root@xilinx-zynqmp:/sys/kernel/debug/xlnx-bridge# cat xlnx_bridge-display.gfx
[ 36.201945] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 36.210737] Mem abort info:
[ 36.213542] ESR = 0x96000005
[ 36.216591] EC = 0x25: DABT (current EL), IL = 32 bits
[ 36.221906] SET = 0, FnV = 0
[ 36.224958] EA = 0, S1PTW = 0
[ 36.228082] Data abort info:
[ 36.230961] ISV = 0, ISS = 0x00000005
[ 36.234792] CM = 0, WnR = 0
[ 36.237758] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000802695000
[ 36.244196] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 36.252906] Internal error: Oops: 96000005 [#1] SMP
[ 36.257772] Modules linked in:
[ 36.252906] Internal error: Oops: 96000005 [#1] SMP
[ 36.279916] Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
[ 36.284867] pstate: 40000005 (nZcv daif -PAN -UAO -TCO BTYPE=--)
[ 36.290869] pc : __pi_strlen+0x10/0x84
[ 36.294609] lr : xlnx_bridge_debugfs_read+0x48/0x148
......
[ 36.382420] Call trace:
[ 36.384853] __pi_strlen+0x10/0x84
[ 36.388249] full_proxy_read+0x60/0xb0
[ 36.391990] vfs_read+0xac/0x1d8
[ 36.395209] ksys_read+0x6c/0x100
[ 36.398516] __arm64_sys_read+0x1c/0x28
[ 36.402346] el0_svc_common.constprop.0+0x9c/0x1c0
[ 36.407127] do_el0_svc+0x70/0x90
[ 36.410437] el0_svc+0x14/0x20
[ 36.413482] el0_sync_handler+0xb0/0xb8
[ 36.417311] el0_sync+0x174/0x180
[ 36.420620] Code: b200c3eb 927cec01 f2400c07 54000261 (a8c10c22)
[ 36.426704] ---[ end trace 03c5e7dbd3665fa9 ]---
In addition, return -EFAULT when copy_to_user fails. And there is no need to update file position.
Signed-off-by: Quanyang Wang <[email protected]>
---
 drivers/gpu/drm/xlnx/xlnx_bridge.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/xlnx/xlnx_bridge.c b/drivers/gpu/drm/xlnx/xlnx_bridge.c
index 1e8dc3e99961..09044987e80d 100644
--- a/drivers/gpu/drm/xlnx/xlnx_bridge.c
+++ b/drivers/gpu/drm/xlnx/xlnx_bridge.c
@@ -311,7 +311,7 @@ static ssize_t xlnx_bridge_debugfs_read(struct file *f, char __user *buf,
 size_t size, loff_t *pos)
 {
 struct xlnx_bridge *bridge = f->f_inode->i_private;
- int ret;
+ int ret, count = 0;

 if (size <= 0)
 return -EINVAL;
@@ -319,13 +319,14 @@ static ssize_t xlnx_bridge_debugfs_read(struct file *f, char __user *buf,
 if (*pos != 0)
 return 0;

- size = min(size, strlen(bridge->debugfs_file->status));
- ret = copy_to_user(buf, bridge->debugfs_file->status, size);
- if (ret)
- return ret;
+ if (bridge->debugfs_file->status) {
+ count = min(size, strlen(bridge->debugfs_file->status));
+ ret = copy_to_user(buf, bridge->debugfs_file->status, count);
+ if (ret)
+ count = -EFAULT;
+ }

- *pos = size + 1;
- return size;
+ return count;
 }

 static ssize_t xlnx_bridge_debugfs_write(struct file *f, const char __user *buf,
-- 2.25.1
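Review bot: With `*pos = size + 1;` removed and the `if (*pos != 0) return 0;` guard kept, nothing in the second hunk advances the file position, so once `status` is non-NULL each read() appears to return the same bytes again and a reader such as `cat` would never reach EOF. The read handler has to advance `*pos` itself; `simple_read_from_buffer()` does that, clamps the length and returns -EFAULT on a failed copy, so the body could become `const char *status = bridge->debugfs_file->status;`, `if (!status) return 0;`, `return simple_read_from_buffer(buf, size, pos, status, strlen(status));`. Loading the pointer once into a local also keeps the NULL check and the later uses on the same value, which matters if the write handler (its body is outside this hunk) can change `status` concurrently. If the open-coded copy is kept, `count` in the first hunk should be `ssize_t` rather than `int`, since it receives a `size_t` from `min()` and is returned as `ssize_t`.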
