From: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Daniel Vetter <daniel.vetter@intel.com>,
Intel Graphics Development <intel-gfx@lists.freedesktop.org>
Subject: Re: [PATCH] drm/i915: Protect against leaks in pipe_crc_set_source
Date: Wed, 10 Dec 2014 16:45:21 +0200 [thread overview]
Message-ID: <20141210144521.GB10649@intel.com> (raw)
In-Reply-To: <1418205740-15013-1-git-send-email-daniel.vetter@ffwll.ch>
On Wed, Dec 10, 2014 at 11:02:20AM +0100, Daniel Vetter wrote:
> Stupid userspace (there is no evil userspace in debugfs by assumption)
> might provoke a leak since we allocate the new array without holding
> any locks. Drop in an unconditional kfree to deal with this - kfree
> can handle NULL.
>
> Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
I thought we had some higher level protection in pipe_crc_set_source()
but indeed we don't. So yeah it can still race with itself, but no
longer leak with your fix.
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
> ---
> drivers/gpu/drm/i915/i915_debugfs.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
> index 72bb5aef9590..923e7575bb53 100644
> --- a/drivers/gpu/drm/i915/i915_debugfs.c
> +++ b/drivers/gpu/drm/i915/i915_debugfs.c
> @@ -3433,6 +3433,7 @@ static int pipe_crc_set_source(struct drm_device *dev, enum pipe pipe,
> hsw_disable_ips(crtc);
>
> spin_lock_irq(&pipe_crc->lock);
> + kfree(pipe_crc->entries);
> pipe_crc->entries = entries;
> pipe_crc->head = 0;
> pipe_crc->tail = 0;
> --
> 2.1.1
--
Ville Syrjälä
Intel OTC
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2014-12-10 14:45 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-09 19:28 [PATCH 0/5] drm/i915: CRC fixes ville.syrjala
2014-12-09 19:28 ` [PATCH 1/5] drm/i915: Engage the DP scramble reset for pipe C on CHV ville.syrjala
2014-12-09 19:28 ` [PATCH 2/5] drm/i915: Fix CRC support for DP port D " ville.syrjala
2014-12-10 9:49 ` Daniel Vetter
2014-12-09 19:28 ` [PATCH 3/5] drm/i915: Protect pipe_crc->entries update ville.syrjala
2014-12-09 19:28 ` [PATCH 4/5] drm/i915: Allocate the pipe_crc->entires with kcalloc() ville.syrjala
2014-12-09 19:28 ` [PATCH 5/5] drm/i915: Make i915_pipe_crc_read() oops proof ville.syrjala
2014-12-10 10:00 ` Daniel Vetter
2014-12-10 10:02 ` [PATCH] drm/i915: Protect against leaks in pipe_crc_set_source Daniel Vetter
2014-12-10 14:45 ` Ville Syrjälä [this message]
2014-12-10 10:06 ` [PATCH 5/5] drm/i915: Make i915_pipe_crc_read() oops proof shuang.he
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141210144521.GB10649@intel.com \
--to=ville.syrjala@linux.intel.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel.vetter@intel.com \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.