| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cd0696c4-151c-4379-b718-d963d182a060@gmx.de>
Date: Tue, 2 Dec 2025 20:49:01 +0100
From: Helge Deller <deller@....de>
To: Abdun Nihaal <nihaal@....iitm.ac.in>
Cc: niederp@...sik.uni-kl.de, maxime.ripard@...e-electrons.com,
tomi.valkeinen@...com, linux-fbdev@...r.kernel.org,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fbdev: ssd1307fb: fix potential page leak in
ssd1307fb_probe()
On 12/2/25 20:12, Abdun Nihaal wrote:
> The page allocated for vmem using __get_free_pages() is not freed on the
> error paths after it. Fix that by adding a corresponding __free_pages()
> call to the error path.
>
> Fixes: facd94bc458a ("fbdev: ssd1307fb: Allocate page aligned video memory.")
> Signed-off-by: Abdun Nihaal <nihaal@....iitm.ac.in>
> ---
> Compile tested only. Not tested on hardware.
>
> drivers/video/fbdev/ssd1307fb.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/video/fbdev/ssd1307fb.c b/drivers/video/fbdev/ssd1307fb.c
> index aa6cc0a8151a..66da8a1a0941 100644
> --- a/drivers/video/fbdev/ssd1307fb.c
> +++ b/drivers/video/fbdev/ssd1307fb.c
> @@ -680,7 +680,7 @@ static int ssd1307fb_probe(struct i2c_client *client)
> if (!ssd1307fb_defio) {
> dev_err(dev, "Couldn't allocate deferred io.\n");
> ret = -ENOMEM;
> - goto fb_alloc_error;
> + goto fb_defio_error;
this goto jumps over the assignment of info->fix.smem_start, so...
...
> }
>
> ssd1307fb_defio->delay = HZ / refreshrate;
> @@ -757,6 +757,8 @@ static int ssd1307fb_probe(struct i2c_client *client)
> regulator_disable(par->vbat_reg);
> reset_oled_error:
> fb_deferred_io_cleanup(info);
> +fb_defio_error:
> + __free_pages(__va(info->fix.smem_start), get_order(info->fix.smem_len));
freeing info->fix.smem_start is wrong here as it was not initialized
to the value of vmem.
Please rework the patch.
Helge
Powered by blists - more mailing lists