> A recent cleanup changed the kmalloc() + copy_from_user() to
> memdup_user() but the error handling wasn't updated so we might call
> kfree(-EFAULT) and crash.
>
> Fixes: a6e3918bcdb1 ('GPU-DRM-Savage: Use memdup_user() rather than duplicating')
> Signed-off-by: Dan Carpenter
>
> diff --git a/drivers/gpu/drm/savage/savage_state.c
> b/drivers/gpu/drm/savage/savage_state.c
> index 3dc0d8f..2db89be 100644
> --- a/drivers/gpu/drm/savage/savage_state.c
> +++ b/drivers/gpu/drm/savage/savage_state.c
> @@ -1004,6 +1004,7 @@ int savage_bci_cmdbuf(struct drm_device *dev, void
> *data, struct drm_file *file_
> kvb_addr = memdup_user(cmdbuf->vb_addr, cmdbuf->vb_size);
> if (IS_ERR(kvb_addr)) {
> ret = PTR_ERR(kvb_addr);
> + kvb_addr = NULL;
> goto done;
> }
> cmdbuf->vb_addr = kvb_addr;
>
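Review bot: the added `kvb_addr = NULL;` before `goto done` only protects the cleanup path if the `done:` label frees `kvb_addr` itself rather than `cmdbuf->vb_addr`; the hunk shows just the error branch, so the label body (not in the diff) should be checked to confirm that is the pointer passed to kfree(). Since memdup_user() returns an ERR_PTR() rather than NULL on failure, every memdup_user() call in this function whose result reaches a shared kfree() needs the same reset (or the cleanup needs an IS_ERR()-safe guard); the commit message mentions the earlier cleanup but does not say whether this was the only affected site, so stating that in the message would help reviewers.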
Thanks for this update suggestion.
Can it be that I offered another approach for a corresponding software correction
by the update step “[PATCH 2/2] GPU-DRM-Savage: Less function calls in
savage_bci_cmdbuf() after error detection” (on 2016-08-18)?
https://patchwork.kernel.org/patch/9289183/
https://lkml.kernel.org/r/
Will this one become worth further development considerations once more?
Can the shown resetting of an error pointer to a safe null pointer be omitted
in such use cases when the jump targets will be accordingly configured as it is
desired for efficient exception handling implementations?
Regards,
Markus