Re: [PATCH 03/13] drm/vkms: Extract vkms_config header

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "José Expósito" <jose.exposito89@gmail.com>
To: Louis Chauvet <louis.chauvet@bootlin.com>
Cc: hamohammed.sa@gmail.com, simona@ffwll.ch, melissa.srw@gmail.com,
	maarten.lankhorst@linux.intel.com, mripard@kernel.org,
	tzimmermann@suse.de, airlied@gmail.com,
	dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 03/13] drm/vkms: Extract vkms_config header
Date: Tue, 11 Feb 2025 11:39:25 +0100	[thread overview]
Message-ID: <Z6so3Xpd-z5zQJEK@fedora> (raw)
In-Reply-To: <Z5uDHcCmAwiTsGte@louis-chauvet-laptop>

On Thu, Jan 30, 2025 at 02:48:13PM +0100, Louis Chauvet wrote:
> On 29/01/25 - 12:00, José Expósito wrote:
> > Creating a new vkms_config structure will be more complex once we
> > start adding more options.
> > 
> > Extract the vkms_config structure to its own header and source files
> > and add functions to create and delete a vkms_config and to initialize
> > debugfs.
> > 
> > Refactor, no functional changes.
> > 
> > Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
> > Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> 
> Co-developped-by: Louis Chauvet <louis.chauvet@bootlin.com>
> Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
> Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> 
> [...]
> 
> > diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c
> > @@ -208,8 +189,7 @@ static int vkms_create(struct vkms_config *config)
> >  	if (ret)
> >  		goto out_devres;
> >  
> > -	drm_debugfs_add_files(&vkms_device->drm, vkms_config_debugfs_list,
> > -			      ARRAY_SIZE(vkms_config_debugfs_list));
> > +	vkms_config_register_debugfs(vkms_device);
> >  
> >  	ret = drm_dev_register(&vkms_device->drm, 0);
> >  	if (ret)
> > @@ -231,9 +211,9 @@ static int __init vkms_init(void)
> >  	int ret;
> >  	struct vkms_config *config;
> >  
> > -	config = kmalloc(sizeof(*config), GFP_KERNEL);
> > -	if (!config)
> > -		return -ENOMEM;
> > +	config = vkms_config_create();
> > +	if (IS_ERR(config))
> > +		return PTR_ERR(config);
> >  
> >  	default_config = config;
> >  
> > @@ -243,7 +223,7 @@ static int __init vkms_init(void)
> >  
> >  	ret = vkms_create(config);
> >  	if (ret)
> > -		kfree(config);
> > +		vkms_config_destroy(config);
> 
> I just have a question here: is it not a problem to kfree config (and 
> default_config) here? There is not risk to have a 
> use-after-free/double-free in vkms_exit?
> 
> >	return ret;
> >  }
> > @@ -272,7 +252,7 @@ static void __exit vkms_exit(void)
> >	if (default_config->dev)
> 
> The use-after-free may be here?
> 
> >		vkms_destroy(default_config);
> >  
> > -	kfree(default_config);
> > +	vkms_config_destroy(default_config);
> 
> And maybe double-free?
> 
> >  }
> 
> If this is not an issue (ie we have a garantee that vkms_exit is never
> called if vkms_init fails), you can add my

Good catch! This is a potential use after free/double free or, even worst,
on "if (default_config->dev)" default_config could be NULL.

Even though the bug is unrelated to this series (it was already there) I'll
include a fix in v2.
It'll be the first patch of the series and it could be merged independently.

Thanks,
Jose

> 
> Reviewed-by: Louis Chauvet <louis.chauvet@bootlin.com>
> 
> [...]

next prev parent reply	other threads:[~2025-02-11 10:39 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-29 11:00 [PATCH 00/13] drm/vkms: Allow to configure device José Expósito
2025-01-29 11:00 ` [PATCH 01/13] drm/vkms: Extract vkms_connector header José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:37     ` José Expósito
2025-01-29 11:00 ` [PATCH 02/13] drm/vkms: Add KUnit test scaffolding José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 03/13] drm/vkms: Extract vkms_config header José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:39     ` José Expósito [this message]
2025-01-29 11:00 ` [PATCH 04/13] drm/vkms: Move default_config creation to its own function José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 05/13] drm/vkms: Set device name from vkms_config José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 06/13] drm/vkms: Add a validation function for VKMS configuration José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 07/13] drm/vkms: Allow to configure multiple planes José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:43     ` José Expósito
2025-02-12 14:10       ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 08/13] drm/vkms: Allow to configure multiple CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:44     ` José Expósito
2025-02-12 14:12       ` Louis Chauvet
2025-02-13 15:26         ` José Expósito
2025-01-29 11:00 ` [PATCH 09/13] drm/vkms: Allow to attach planes and CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:47     ` José Expósito
2025-02-12 14:10       ` Louis Chauvet
2025-02-13 15:32         ` José Expósito
2025-01-29 11:00 ` [PATCH 10/13] drm/vkms: Allow to configure multiple encoders José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 11/13] drm/vkms: Allow to attach encoders and CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 12/13] drm/vkms: Allow to configure multiple connectors José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 13/13] drm/vkms: Allow to attach connectors and encoders José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-30 13:48 ` [PATCH 00/13] drm/vkms: Allow to configure device Louis Chauvet
2025-01-31  9:31   ` José Expósito
2025-01-31 13:02     ` Louis Chauvet
2025-01-31 17:13       ` José Expósito

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z6so3Xpd-z5zQJEK@fedora \
    --to=jose.exposito89@gmail.com \
    --cc=airlied@gmail.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=hamohammed.sa@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=louis.chauvet@bootlin.com \
    --cc=maarten.lankhorst@linux.intel.com \
    --cc=melissa.srw@gmail.com \
    --cc=mripard@kernel.org \
    --cc=simona@ffwll.ch \
    --cc=tzimmermann@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.