euler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8RJA9?from=project-issue CVE: NA --------------------------- we get (Unable to handle kernel NULL pointer dereference at virtual address 000000000000000c) when call drm_property_blob_put(). After analysis, we get the following process: alloc failed: drm_atomic_set_mode_for_crtc() drm_property_create_blob() // failed state->mode_blob = ERR_PTR(-ENOMEM) free illegal pointer: __drm_atomic_helper_crtc_destroy_state() drm_property_blob_put(state->mode_blob) drm_mode_object_put(&blob->base); // here blob is ERR_PTR(-ENOMEM) So do we have to determine if blob is an error code before calling drm_mode_object_put(). Fixes: 6bcacf51d050 (drm: Add reference counting to blob properties) Signed-off-by: zhangnaichuan <zhangnaichuan@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- drivers/gpu/drm/drm_property.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index dfec47983..4d1d04736 100644 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -599,7 +599,7 @@ EXPORT_SYMBOL(drm_property_create_blob); */ void drm_property_blob_put(struct drm_property_blob *blob) { - if (!blob) + if (IS_ERR_OR_NULL(blob)) return; drm_mode_object_put(&blob->base); -- 2.33.0