From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Xie Yongji <xieyongji@bytedance.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Sasha Levin <sashal@kernel.org>,
dri-devel@lists.freedesktop.org,
virtualization@lists.linux-foundation.org
Subject: [PATCH AUTOSEL 4.14 13/45] drm/virtio: Fix double free on probe failure
Date: Tue, 6 Jul 2021 07:27:17 -0400 [thread overview]
Message-ID: <20210706112749.2065541-13-sashal@kernel.org> (raw)
In-Reply-To: <20210706112749.2065541-1-sashal@kernel.org>
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit cec7f1774605a5ef47c134af62afe7c75c30b0ee ]
The virtio_gpu_init() will free vgdev and vgdev->vbufs on failure.
But such failure will be caught by virtio_gpu_probe() and then
virtio_gpu_release() will be called to do some cleanup which
will free vgdev and vgdev->vbufs again. So let's set dev->dev_private
to NULL to avoid double free.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20210517084913.403-2-xieyongji@bytedance.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_kms.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_kms.c b/drivers/gpu/drm/virtio/virtgpu_kms.c
index e1a5e74f4080..edca3e827369 100644
--- a/drivers/gpu/drm/virtio/virtgpu_kms.c
+++ b/drivers/gpu/drm/virtio/virtgpu_kms.c
@@ -237,6 +237,7 @@ int virtio_gpu_driver_load(struct drm_device *dev, unsigned long flags)
err_vbufs:
vgdev->vdev->config->del_vqs(vgdev->vdev);
err_vqs:
+ dev->dev_private = NULL;
kfree(vgdev);
return ret;
}
--
2.30.2
next prev parent reply other threads:[~2021-07-06 11:54 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 11:27 [PATCH AUTOSEL 4.14 01/45] drm/etnaviv: fix NULL check before some freeing functions is not needed Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 02/45] drm/mxsfb: Don't select DRM_KMS_FB_HELPER Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 03/45] drm/zte: " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 04/45] drm/amd/amdgpu/sriov disable all ip hw status by default Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 05/45] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 06/45] hugetlb: clear huge pte during flush function on mips platform Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 07/45] atm: iphase: fix possible use-after-free in ia_module_exit() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 08/45] mISDN: fix possible use-after-free in HFC_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 09/45] atm: nicstar: Fix possible use-after-free in nicstar_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 10/45] net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 11/45] reiserfs: add check for invalid 1st journal block Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 12/45] drm/virtio: Fixes a potential NULL pointer dereference on probe failure Sasha Levin
2021-07-06 11:27 ` Sasha Levin [this message]
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 14/45] udf: Fix NULL pointer dereference in udf_symlink function Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 15/45] e100: handle eeprom as little endian Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 16/45] clk: renesas: r8a77995: Add ZA2 clock Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 17/45] clk: tegra: Ensure that PLLU configuration is applied properly Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 18/45] ipv6: use prandom_u32() for ID generation Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 19/45] RDMA/cxgb4: Fix missing error code in create_qp() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 20/45] dm space maps: don't reset space map allocation cursor when committing Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 21/45] virtio_net: Remove BUG() to avoid machine dead Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 22/45] net: bcmgenet: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 23/45] net: micrel: " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 24/45] net: moxa: Use devm_platform_get_and_ioremap_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 25/45] fjes: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 26/45] selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 27/45] xfrm: Fix error reporting in xfrm_state_construct Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 28/45] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 29/45] wl1251: Fix possible buffer overflow in wl1251_cmd_scan Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 30/45] cw1200: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 31/45] MIPS: add PMD table accounting into MIPS'pmd_alloc_one Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 32/45] atm: nicstar: use 'dma_free_coherent' instead of 'kfree' Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 33/45] atm: nicstar: register the interrupt handler in the right place Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 34/45] vsock: notify server to shutdown when client has pending signal Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 35/45] RDMA/rxe: Don't overwrite errno from ib_umem_get() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 36/45] iwlwifi: mvm: don't change band on bound PHY contexts Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 37/45] sfc: avoid double pci_remove of VFs Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 38/45] sfc: error code if SRIOV cannot be disabled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 39/45] wireless: wext-spy: Fix out-of-bounds warning Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 40/45] RDMA/cma: Fix rdma_resolve_route() memory leak Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 41/45] Bluetooth: Fix the HCI to MGMT status conversion table Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 42/45] Bluetooth: Shutdown controller after workqueues are flushed or cancelled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 43/45] Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 44/45] sctp: validate from_addr_param return Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 45/45] sctp: add size validation when walking chunks Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706112749.2065541-13-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=kraxel@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=xieyongji@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox