lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aPe8optzxlZ8Rwf5@chcpu18>
Date: Tue, 21 Oct 2025 17:02:26 +0000
From: Shuhao Fu <sfual@....ust.hk>
To: Lyude Paul <lyude@...hat.com>, Danilo Krummrich <dakr@...nel.org>
Cc: dri-devel@...ts.freedesktop.org, nouveau@...ts.freedesktop.org,
        stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] drm/nouveau: Fix refcount leak in
 nouveau_connector_detect

Hi, this is a friendly reminder of this patch. Please do let me know if
it needs any rework.

On Wed, Oct 08, 2025 at 11:20:15AM +0800, Shuhao Fu wrote:
> A possible inconsistent refcount update has been identified in function
> `nouveau_connector_detect`, which may cause a resource leak.
> 
> After calling `pm_runtime_get_*(dev->dev)`, the usage counter of `dev->dev`
> gets increased. In case function `nvif_outp_edid_get` returns negative,
> function `nouveau_connector_detect` returns without decreasing the usage
> counter of `dev->dev`, causing a refcount inconsistency.
> 
> Closes: https://gitlab.freedesktop.org/drm/nouveau/-/issues/450
> Fixes: 0cd7e0718139 ("drm/nouveau/disp: add output method to fetch edid")
> Signed-off-by: Shuhao Fu <sfual@....ust.hk>
> Cc: stable@...r.kernel.org
> 
> Change in v3:
> - Cc stable
> Change in v2:
> - Add "Fixes" and "Cc" tags
> ---
>  drivers/gpu/drm/nouveau/nouveau_connector.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
> index 63621b151..45caccade 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_connector.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
> @@ -600,8 +600,10 @@ nouveau_connector_detect(struct drm_connector *connector, bool force)
>                                 new_edid = drm_get_edid(connector, nv_encoder->i2c);
>                 } else {
>                         ret = nvif_outp_edid_get(&nv_encoder->outp, (u8 **)&new_edid);
> -                       if (ret < 0)
> -                               return connector_status_disconnected;
> +                       if (ret < 0) {
> +                               conn_status = connector_status_disconnected;
> +                               goto out;
> +                       }
>                 }
> 
>                 nouveau_connector_set_edid(nv_connector, new_edid);
> --
> 2.39.5
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ