| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 05 Mar 2018 15:01:24 +0800
From: JeffyChen <jeffy.chen@...k-chips.com>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>,
Enric Balletbo i Serra <enric.balletbo@...labora.com>
CC: Sandy Huang <hjc@...k-chips.com>,
Heiko Stübner <heiko@...ech.de>,
Andrzej Hajda <a.hajda@...sung.com>,
linux-rockchip@...ts.infradead.org,
Archit Taneja <architt@...eaurora.org>,
linux-kernel@...r.kernel.org,
Russell King <rmk+kernel@...linux.org.uk>,
Neil Armstrong <narmstrong@...libre.com>,
dri-devel@...ts.freedesktop.org,
Jose Abreu <Jose.Abreu@...opsys.com>,
Hans Verkuil <hverkuil@...all.nl>,
Jernej Skrabec <jernej.skrabec@...l.net>,
linux-arm-kernel@...ts.infradead.org,
David Airlie <airlied@...ux.ie>, kernel@...labora.com,
Daniel Vetter <daniel.vetter@...ll.ch>,
Sean Paul <seanpaul@...omium.org>
Subject: Re: [PATCH v9 5/5] drm/bridge/synopsys: dw-hdmi: Add missing bridge
detach
Hi Laurent,
sorry, you're right, this patch should not be needed.
the connector should be cleanup by
drm_mode_config_cleanup->drm_connector_put.
i did that in analogix_dp is to avoid a use-after-free issue not
kmemleak, because the connector was allocated/freed in analogix_dp's
bind/unbind.
but i found a kmemleak issue(dma_mask not freed) in dw-hdmi when testing
that, will send patch soon.
On 03/03/2018 08:20 AM, JeffyChen wrote:
> Hi Laurent,
>
> On 03/03/2018 05:49 AM, Laurent Pinchart wrote:
>> Hi Enric,
>>
>> Thank you for the patch.
>>
>> On Friday, 2 March 2018 19:57:57 EET Enric Balletbo i Serra wrote:
>>> From: Jeffy Chen <jeffy.chen@...k-chips.com>
>>>
>>> We inited connector in attach(), so need a detach() to cleanup.
>>
>> Do we ? The dw-hdmi driver already sets drm_connector_cleanup() as the
>> connector .destroy() handler, and the .destroy() operation is called
>> by the
>> DRM core. None of the other bridge drivers call drm_connector_cleanup()
>> directly.
>
> hmmm, checking the code, there are also lots of drivers do the
> cleanup(drm_connector_cleanup or funcs->destroy):
> drm# grep -r "connector.*funcs->destroy" .
> ./rockchip/inno_hdmi.c: hdmi->connector.funcs->destroy(&hdmi->connector);
> ./rockchip/cdn-dp-core.c: connector->funcs->destroy(connector);
> ./bridge/analogix/analogix_dp_core.c:
> dp->connector.funcs->destroy(&dp->connector);
> ./msm/hdmi/hdmi.c: hdmi->connector->funcs->destroy(hdmi->connector);
> ./msm/dsi/dsi.c: msm_dsi->connector->funcs->destroy(msm_dsi->connector);
> ./msm/edp/edp.c: edp->connector->funcs->destroy(edp->connector);
> ./zte/zx_hdmi.c: hdmi->connector.funcs->destroy(&hdmi->connector);
> ./drm_connector.c: connector->funcs->destroy(connector);
> ./drm_connector.c: connector->funcs->destroy(connector);
> ./nouveau/dispnv04/disp.c: connector->funcs->destroy(connector);
> ./nouveau/nv50_display.c: mstc->connector.funcs->destroy(&mstc->connector);
> ./nouveau/nv50_display.c: connector->funcs->destroy(connector);
>
>
>
> when i debug analogix_dp bind/unbind, i found that we need to cleanup
> the connector(reported by kmemleak). so i added it to
> ./bridge/analogix/analogix_dp_core.c...after that i saw dw-hdmi missing
> that too(by checking the code), so make this patch.
>
> but i didn't really tested it on devices using dw-hdmi, so i'm not very
> sure the dw-hdmi(maybe also other bridges) is the same with analogix_dp.
>
> i can try to find a chromebook veyron to check it next week :)
>
> but even there's a leak, i'm still not very sure about:
> should the caller of drm_connector_init cleanup it
> or the caller of drm_bridge_attach should do it(for example
> analogix_dp_bind/analogix_dp_unbind)
> or should the DRM core take care of that?
>
>>
>>> Signed-off-by: Jeffy Chen <jeffy.chen@...k-chips.com>
>>> Signed-off-by: Thierry Escande <thierry.escande@...labora.com>
>>> Signed-off-by: Enric Balletbo i Serra <enric.balletbo@...labora.com>
>>> ---
Powered by blists - more mailing lists