On Thu, May 20, 2021 at 07:10:39PM +0530, Anirudh Rayabharam wrote:
On Mon, May 17, 2021 at 12:57:14AM +0530, Anirudh Rayabharam wrote:
The return value of hga_card_detect() is not properly handled causing the probe to succeed even though hga_card_detect() failed. Since probe succeeds, hgafb_open() can be called which will end up operating on an unmapped hga_vram. This results in an out-of-bounds access as reported by kernel test robot [1].
To fix this, correctly detect failure of hga_card_detect() by checking for a non-zero error code.
Reported-by: kernel test robot oliver.sang@intel.com Fixes: dc13cac4862c ("video: hgafb: fix potential NULL pointer dereference")
Greg, this is one of the UMN fixes we did. So, do you want to take this patch into your tree?
Yes, will queue it up in a few days after Linus takes the current pull request I sent him for this.
thanks,
greg k-h