Message-ID: <51258cfb-c3d4-ade3-0195-54835445d321@amd.com>
Date:   Fri, 21 Jan 2022 14:03:13 -0500
From:   Harry Wentland <harry.wentland@....com>
To:     Yongzhi Liu <lyz_cs@....edu.cn>, sunpeng.li@....com,
        Rodrigo.Siqueira@....com, alexander.deucher@....com,
        christian.koenig@....com, Xinhui.Pan@....com, airlied@...ux.ie,
        daniel@...ll.ch, mikita.lipski@....com, Wayne.Lin@....com,
        Nicholas.Kazlauskas@....com, Jerry.Zuo@....com,
        Anson.Jacob@....com, eryk.brol@....com, aurabindo.pillai@....com,
        nirmoy.das@....com
Cc:     amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/amd/display: Fix memory leak

On 2022-01-21 06:26, Yongzhi Liu wrote:
> [why]
> Resource release is needed on the error handling path
> to prevent memory leak.
> 
> [how]
> Fix this by adding kfree on the error handling path.
> 
> Signed-off-by: Yongzhi Liu <lyz_cs@....edu.cn>

Reviewed-by: Harry Wentland <harry.wentland@....com>

Harry

> ---
>  .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c  | 80 ++++++++++++++++------
>  1 file changed, 60 insertions(+), 20 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
> index ded64d0..e463d46 100644
> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
> @@ -227,8 +227,10 @@ static ssize_t dp_link_settings_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
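Review bot: The leak is closed by repeating `kfree(rd_buf)` in front of each early `return`, here and in the same `put_user()` failure branch of the other read handlers in this patch (dp_phy_settings_read, the dp_dsc_*_read functions and dcc_en_bits_read), so the next exit added to any of them can bring the leak back. The path is worth hardening because the failure is caller-controlled: a read with an unwritable destination makes `put_user()` return -EFAULT, and before this fix each such call left one buffer allocated. A single exit label such as `out_free:` in front of the function's final free, reached with `goto` and with the status carried in a local, would give each handler one release point. The copy loop could probably also be replaced by `simple_read_from_buffer()`, which removes the mid-loop exit altogether. The end of dp_link_settings_read is outside the hunk, so the position of the existing free is assumed.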
> @@ -389,8 +391,10 @@ static ssize_t dp_phy_settings_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user((*(rd_buf + result)), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -1359,8 +1363,10 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
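Review bot: The `!pipe_ctx` branch needs a free only because `rd_buf` is evidently allocated before the pipe lookup that can fail; the allocation is outside the hunk, so this is inferred from the added `kfree(rd_buf)`. Doing the lookup first and allocating afterwards would leave `return -ENXIO;` with nothing to release, and the same reordering applies to the identical branch in the other dp_dsc_*_read handlers changed by this patch. If the order stays, a comment at the allocation such as `/* rd_buf is live from here: free it on every exit below */` would document the obligation.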
> @@ -1376,8 +1382,10 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -1546,8 +1554,10 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -1563,8 +1573,10 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -1731,8 +1743,10 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -1748,8 +1762,10 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -1912,8 +1928,10 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -1929,8 +1947,10 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -2088,8 +2108,10 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -2105,8 +2127,10 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -2145,8 +2169,10 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -2162,8 +2188,10 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -2217,8 +2245,10 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -2234,8 +2264,10 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -2289,8 +2321,10 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf,
>  				break;
>  	}
>  
> -	if (!pipe_ctx)
> +	if (!pipe_ctx) {
> +		kfree(rd_buf);
>  		return -ENXIO;
> +	}
>  
>  	dsc = pipe_ctx->stream_res.dsc;
>  	if (dsc)
> @@ -2306,8 +2340,10 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf,
>  			break;
>  
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  
>  		buf += 1;
>  		size -= 1;
> @@ -3459,8 +3495,10 @@ static ssize_t dcc_en_bits_read(
>  	dc->hwss.get_dcc_en_bits(dc, dcc_en_bits);
>  
>  	rd_buf = kcalloc(rd_buf_size, sizeof(char), GFP_KERNEL);
> -	if (!rd_buf)
> +	if (!rd_buf) {
> +		kfree(dcc_en_bits);
>  		return -ENOMEM;
> +	}
>  
>  	for (i = 0; i < num_pipes; i++)
>  		offset += snprintf(rd_buf + offset, rd_buf_size - offset,
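Review bot: The context loop accumulates `offset += snprintf(rd_buf + offset, rd_buf_size - offset, …)`, and `snprintf()` returns the length the output would have had, not the length stored. Once the text for `num_pipes` entries no longer fits, `offset` moves past `rd_buf_size` and `rd_buf_size - offset` stops being a valid remaining size for the next call. `scnprintf()` returns the number of characters actually written and keeps `offset` inside the buffer: `offset += scnprintf(rd_buf + offset, rd_buf_size - offset, …)`. The value of `rd_buf_size` and the rest of the call are outside the hunk, so whether the bound can be reached on real hardware is not visible here.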
> @@ -3473,8 +3511,10 @@ static ssize_t dcc_en_bits_read(
>  		if (*pos >= rd_buf_size)
>  			break;
>  		r = put_user(*(rd_buf + result), buf);
> -		if (r)
> +		if (r) {
> +			kfree(rd_buf);
>  			return r; /* r = -EFAULT */
> +		}
>  		buf += 1;
>  		size -= 1;
>  		*pos += 1;
