| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 13 Sep 2015 11:36:07 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: David Airlie <airlied@...ux.ie>,
Daniel Vetter <daniel.vetter@...ll.ch>,
linux-kernel@...r.kernel.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH] drm/mgag200: fix memory leak
* Sudip Mukherjee <sudipm.mukherjee@...il.com> wrote:
> If drm_fb_helper_alloc_fbi() fails then we were directly returning
> without freeing sysram. Also if drm_fb_helper_alloc_fbi() succeeds but
> mgag200_framebuffer_init() fails then we were not releasing sysram and
> we were not releasing fbi helper also.
>
> Signed-off-by: Sudip Mukherjee <sudip@...torindia.org>
> ---
> drivers/gpu/drm/mgag200/mgag200_fb.c | 15 ++++++++++++---
> 1 file changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/mgag200/mgag200_fb.c b/drivers/gpu/drm/mgag200/mgag200_fb.c
> index 87de15e..5fe476a 100644
> --- a/drivers/gpu/drm/mgag200/mgag200_fb.c
> +++ b/drivers/gpu/drm/mgag200/mgag200_fb.c
> @@ -189,14 +189,16 @@ static int mgag200fb_create(struct drm_fb_helper *helper,
> return -ENOMEM;
>
> info = drm_fb_helper_alloc_fbi(helper);
> - if (IS_ERR(info))
> - return PTR_ERR(info);
> + if (IS_ERR(info)) {
> + ret = PTR_ERR(info);
> + goto err_alloc_fbi;
> + }
>
> info->par = mfbdev;
>
> ret = mgag200_framebuffer_init(dev, &mfbdev->mfb, &mode_cmd, gobj);
> if (ret)
> - return ret;
> + goto err_framebuffer_init;
>
> mfbdev->sysram = sysram;
> mfbdev->size = size;
> @@ -226,6 +228,13 @@ static int mgag200fb_create(struct drm_fb_helper *helper,
> DRM_DEBUG_KMS("allocated %dx%d\n",
> fb->width, fb->height);
> return 0;
> +
> +err_framebuffer_init:
> + drm_fb_helper_release_fbi(helper);
> +
> +err_alloc_fbi:
> + vfree(sysram);
> + return ret;
> }
>
> static int mga_fbdev_destroy(struct drm_device *dev,
There's a new regression: v4.3-rc1 crashes on bootup on non-supported hardware, if
CONFIG_DRM_MGAG200=y (built into the kernel).
[ 10.191561] bus: 'i2c': add device i2c-0
[ 10.227367] mgadrmfb: enable CONFIG_FB_LITTLE_ENDIAN to support this framebuffer
[ 10.235781] [drm:mgag200_modeset_init] *ERROR* mga_fbdev_init failed
[ 10.242992] mgag200 0000:0b:00.0: Fatal error during modeset init: -22
[ 10.250456] kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b6bh.
[ 10.257378] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 10.264730] Modules linked in:
[ 10.268319] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.3.0-rc1-01643-g6013d75-dirty #15
[ 10.277498] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
[ 10.289111] task: ffff88017fb6c040 ti: ffff88017fb70000 task.ti: ffff88017fb70000
[ 10.297611] RIP: 0010:[<ffffffffa493d1a7>] [<ffffffffa493d1a7>] kfree_debugcheck+0x20/0x25
[ 10.307170] RSP: 0000:ffff88017fb73b28 EFLAGS: 00010086
[ 10.313213] RAX: 0000000000000035 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000000
[ 10.321297] RDX: ffffffffa489ac8f RSI: ffffffffa489b27b RDI: ffffffffa489b11e
[ 10.329381] RBP: ffff88017fb73b30 R08: 0000000000000001 R09: 0000000000000000
[ 10.337466] R10: ffffffffa537dec0 R11: 0000000000000000 R12: 0000000000000001
[ 10.345549] R13: ffffffffa4c2c22a R14: 0000000000000202 R15: ffff8807ee3f1018
[ 10.353632] FS: 0000000000000000(0000) GS:ffff88081b200000(0000) knlGS:0000000000000000
[ 10.362812] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.369330] CR2: 0000000000000000 CR3: 00000000258c0000 CR4: 00000000001406f0
[ 10.377415] Stack:
[ 10.379761] 6b6b6b6b6b6b6b6b ffff88017fb73b70 ffffffffa493e421 ffff8807ee784ea0
[ 10.388499] ffff8807ee784e18 0000000000000001 ffff8807ee361060 00000000ffffffea
[ 10.397238] ffff8807ee3f1018 ffff88017fb73b98 ffffffffa4c2c22a ffff8807ee784e18
[ 10.405968] Call Trace:
[ 10.408804] [<ffffffffa493e421>] kfree+0x5a/0x195
[ 10.414256] [<ffffffffa4c2c22a>] drm_fb_helper_crtc_free+0x28/0x75
[ 10.421368] [<ffffffffa4c2cbbd>] drm_fb_helper_fini+0x6b/0x6e
[ 10.427996] [<ffffffffa4ce522d>] mgag200_fbdev_fini+0x8a/0xb9
[ 10.434621] [<ffffffffa4ce0a17>] mgag200_driver_unload+0x23/0x43
[ 10.441539] [<ffffffffa4ce0ee1>] mgag200_driver_load+0x4aa/0x4bc
[ 10.448458] [<ffffffffa4c3537c>] drm_dev_register+0x6a/0xab
[ 10.454889] [<ffffffffa4c36e42>] drm_get_pci_dev+0xe8/0x1ab
[ 10.461322] [<ffffffffa4ce4b73>] mga_pci_probe+0xa1/0xaa
[ 10.467465] [<ffffffffa4b785ba>] pci_device_probe+0x7e/0xe8
...
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists