Re: [PATCH v2 1/1] drm/mediatek: Fix potential KP on 0 bytes nvmem cell read
From: Guillaume Ranquet
Date: Wed Oct 09 2024 - 12:06:40 EST
On Fri, 27 Sep 2024 11:03, Liankun Yang <liankun.yang@xxxxxxxxxxxx> wrote:
>If the len is 0, kernel crash will occur when performing operations.
>Add the len check conditions to prevent kernel crash.
>
>Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
>Signed-off-by: Liankun Yang <liankun.yang@xxxxxxxxxxxx>
>---
>Changes in V2:
>- Fix the commit title.
>- Remove blank line between the Fixes and Signe-off-by.
>- Modify the judgment writing method.
>Per suggestion from the previous thread:
>https://patchwork.kernel.org/project/linux-mediatek/patch/20240925084116.28848-1-liankun.yang@xxxxxxxxxxxx/
>---
> drivers/gpu/drm/mediatek/mtk_dp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
>index d8796a904eca..9ecdf62398ee 100644
>--- a/drivers/gpu/drm/mediatek/mtk_dp.c
>+++ b/drivers/gpu/drm/mediatek/mtk_dp.c
>@@ -1082,7 +1082,7 @@ static void mtk_dp_get_calibration_data(struct mtk_dp *mtk_dp)
> buf = (u32 *)nvmem_cell_read(cell, &len);
> nvmem_cell_put(cell);
>
>- if (IS_ERR(buf) || ((len / sizeof(u32)) != 4)) {
>+ if (IS_ERR(buf) || !len || ((len / sizeof(u32)) != 4)) {
> dev_warn(dev, "Failed to read nvmem_cell_read\n");
Hello Liankun,
Would you be able to describe the crash with more details?
I'm afraid I don't understand the fix?
if len is 0, dividing 0 by sizeof(u32) is 0 and thus != 4
So to me, checking for len != 0 is redundant?
Thx,
Guillaume.
>
> if (!IS_ERR(buf))
>--
>2.45.2