Re: [PATCH 03/13] drm/vkms: Extract vkms_config header

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "José Expósito" <jose.exposito89@gmail.com>
To: Louis Chauvet <louis.chauvet@bootlin.com>
Cc: hamohammed.sa@gmail.com, simona@ffwll.ch, melissa.srw@gmail.com,
	maarten.lankhorst@linux.intel.com, mripard@kernel.org,
	tzimmermann@suse.de, airlied@gmail.com,
	dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 03/13] drm/vkms: Extract vkms_config header
Date: Tue, 11 Feb 2025 11:39:25 +0100	[thread overview]
Message-ID: <Z6so3Xpd-z5zQJEK@fedora> (raw)
In-Reply-To: <Z5uDHcCmAwiTsGte@louis-chauvet-laptop>

On Thu, Jan 30, 2025 at 02:48:13PM +0100, Louis Chauvet wrote:
> On 29/01/25 - 12:00, José Expósito wrote:
> > Creating a new vkms_config structure will be more complex once we
> > start adding more options.
> > 
> > Extract the vkms_config structure to its own header and source files
> > and add functions to create and delete a vkms_config and to initialize
> > debugfs.
> > 
> > Refactor, no functional changes.
> > 
> > Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
> > Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> 
> Co-developped-by: Louis Chauvet <louis.chauvet@bootlin.com>
> Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
> Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> 
> [...]
> 
> > diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c
> > @@ -208,8 +189,7 @@ static int vkms_create(struct vkms_config *config)
> >  	if (ret)
> >  		goto out_devres;
> >  
> > -	drm_debugfs_add_files(&vkms_device->drm, vkms_config_debugfs_list,
> > -			      ARRAY_SIZE(vkms_config_debugfs_list));
> > +	vkms_config_register_debugfs(vkms_device);
> >  
> >  	ret = drm_dev_register(&vkms_device->drm, 0);
> >  	if (ret)
> > @@ -231,9 +211,9 @@ static int __init vkms_init(void)
> >  	int ret;
> >  	struct vkms_config *config;
> >  
> > -	config = kmalloc(sizeof(*config), GFP_KERNEL);
> > -	if (!config)
> > -		return -ENOMEM;
> > +	config = vkms_config_create();
> > +	if (IS_ERR(config))
> > +		return PTR_ERR(config);
> >  
> >  	default_config = config;
> >  
> > @@ -243,7 +223,7 @@ static int __init vkms_init(void)
> >  
> >  	ret = vkms_create(config);
> >  	if (ret)
> > -		kfree(config);
> > +		vkms_config_destroy(config);
> 
> I just have a question here: is it not a problem to kfree config (and 
> default_config) here? There is not risk to have a 
> use-after-free/double-free in vkms_exit?
> 
> >	return ret;
> >  }
> > @@ -272,7 +252,7 @@ static void __exit vkms_exit(void)
> >	if (default_config->dev)
> 
> The use-after-free may be here?
> 
> >		vkms_destroy(default_config);
> >  
> > -	kfree(default_config);
> > +	vkms_config_destroy(default_config);
> 
> And maybe double-free?
> 
> >  }
> 
> If this is not an issue (ie we have a garantee that vkms_exit is never
> called if vkms_init fails), you can add my

Good catch! This is a potential use after free/double free or, even worst,
on "if (default_config->dev)" default_config could be NULL.

Even though the bug is unrelated to this series (it was already there) I'll
include a fix in v2.
It'll be the first patch of the series and it could be merged independently.

Thanks,
Jose

> 
> Reviewed-by: Louis Chauvet <louis.chauvet@bootlin.com>
> 
> [...]

next prev parent reply	other threads:[~2025-02-11 10:39 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-29 11:00 [PATCH 00/13] drm/vkms: Allow to configure device José Expósito
2025-01-29 11:00 ` [PATCH 01/13] drm/vkms: Extract vkms_connector header José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:37     ` José Expósito
2025-01-29 11:00 ` [PATCH 02/13] drm/vkms: Add KUnit test scaffolding José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 03/13] drm/vkms: Extract vkms_config header José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:39     ` José Expósito [this message]
2025-01-29 11:00 ` [PATCH 04/13] drm/vkms: Move default_config creation to its own function José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 05/13] drm/vkms: Set device name from vkms_config José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 06/13] drm/vkms: Add a validation function for VKMS configuration José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 07/13] drm/vkms: Allow to configure multiple planes José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:43     ` José Expósito
2025-02-12 14:10       ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 08/13] drm/vkms: Allow to configure multiple CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:44     ` José Expósito
2025-02-12 14:12       ` Louis Chauvet
2025-02-13 15:26         ` José Expósito
2025-01-29 11:00 ` [PATCH 09/13] drm/vkms: Allow to attach planes and CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-02-11 10:47     ` José Expósito
2025-02-12 14:10       ` Louis Chauvet
2025-02-13 15:32         ` José Expósito
2025-01-29 11:00 ` [PATCH 10/13] drm/vkms: Allow to configure multiple encoders José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 11/13] drm/vkms: Allow to attach encoders and CRTCs José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 12/13] drm/vkms: Allow to configure multiple connectors José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-29 11:00 ` [PATCH 13/13] drm/vkms: Allow to attach connectors and encoders José Expósito
2025-01-30 13:48   ` Louis Chauvet
2025-01-30 13:48 ` [PATCH 00/13] drm/vkms: Allow to configure device Louis Chauvet
2025-01-31  9:31   ` José Expósito
2025-01-31 13:02     ` Louis Chauvet
2025-01-31 17:13       ` José Expósito

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z6so3Xpd-z5zQJEK@fedora \
    --to=jose.exposito89@gmail.com \
    --cc=airlied@gmail.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=hamohammed.sa@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=louis.chauvet@bootlin.com \
    --cc=maarten.lankhorst@linux.intel.com \
    --cc=melissa.srw@gmail.com \
    --cc=mripard@kernel.org \
    --cc=simona@ffwll.ch \
    --cc=tzimmermann@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox