All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daniel Thompson <daniel.thompson@linaro.org>
To: Daniel Vetter <daniel@ffwll.ch>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>,
	Intel Graphics Development <intel-gfx@lists.freedesktop.org>,
	DRI Development <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH 15/17] drm/atomic-helpers: functions for state duplicate/destroy/reset
Date: Mon, 03 Nov 2014 15:06:07 +0000	[thread overview]
Message-ID: <545799DF.2090505@linaro.org> (raw)
In-Reply-To: <20141103145338.GO26941@phenom.ffwll.local>

On 03/11/14 14:53, Daniel Vetter wrote:
> On Mon, Nov 03, 2014 at 02:45:28PM +0000, Daniel Thompson wrote:
>>> index 70bd67cf86e3..bd38df3cbe55 100644
>>> --- a/drivers/gpu/drm/drm_atomic_helper.c
>>> +++ b/drivers/gpu/drm/drm_atomic_helper.c
>>> @@ -1429,7 +1429,7 @@ EXPORT_SYMBOL(drm_atomic_helper_set_config);
>>>  /**
>>>   * drm_atomic_helper_crtc_set_property - helper for crtc prorties
>>>   * @crtc: DRM crtc
>>> - * @prorty: DRM property
>>> + * @property: DRM property
>>
>> This looks like a bad fixup (should be in patch 11).
> 
> Indeed, will shuffle around.
> 
>>> +void drm_atomic_helper_crtc_reset(struct drm_crtc *crtc)
>>> +{
>>> +	kfree(crtc->state);
>>> +	crtc->state = kzalloc(sizeof(*crtc->state), GFP_KERNEL);
>>
>> This code looks semantically equivalent to a memset() although it may
>> result in a change to the pointer value. Is this code trying to flush
>> out uses-after-free?
>>
>> I can't find this free/alloc pattern in delivered code anywhere else in
>> the drm code base. Should this need to be replaced with memset() before
>> merging (or at least commenting)?
> 
> kfree is a nop when the argument is NULL, which is a crucial property of
> this - memset would oops on driver load.

Oops. Missed that (I think I misread who as assuming there was always
obj->state in the patch header).

Do you fancy making the comment "by freeing the state pointer and
allocating a new..." into "by freeing the state pointer (which may be
NULL) and allocating a new...".

If nothing else that means the documentation is richer than the code...

> Even neglecting this a memset imo doesn't blow up loudly enough if the
> driver subclasses the state structs (by adding more of it's driver private
> state at the end). Whereas underallocating tends to anger the slab
> poisoning code badly.
> 
> Finally it's really not just a memset, but a free + realloc. See the plane
> state, which also needs to drop a potential fb reference. Imo the explicit
> kfree+realloc makes that more obvious.

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel

  reply	other threads:[~2014-11-03 15:06 UTC|newest]

Thread overview: 77+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-02 13:19 [PATCH 00/17] atomic modeset core<->driver interfaces and helpers Daniel Vetter
2014-11-02 13:19 ` [PATCH 01/17] drm: Move drm_crtc_init from drm_crtc.h to drm_plane_helper.h Daniel Vetter
2014-11-04 20:31   ` Sean Paul
2014-11-02 13:19 ` [PATCH 02/17] drm: Pull drm_crtc.h into the kerneldoc template Daniel Vetter
2014-11-02 19:18   ` [PATCH] " Daniel Vetter
2014-11-03  3:04     ` Thierry Reding
2014-11-02 13:19 ` [PATCH 03/17] drm: fixup kerneldoc in drm_crtc.h Daniel Vetter
2014-11-02 19:19   ` Daniel Vetter
2014-11-02 13:19 ` [PATCH 04/17] drm/modeset_lock: document trylock_only in kerneldoc Daniel Vetter
2014-11-04 20:31   ` Sean Paul
2014-11-05 16:18   ` Thierry Reding
2014-11-02 13:19 ` [PATCH 05/17] drm: Add atomic driver interface definitions for objects Daniel Vetter
2014-11-04 20:31   ` Sean Paul
2014-11-05 16:26   ` Thierry Reding
2014-11-05 17:04     ` Daniel Vetter
2014-11-05 17:16       ` [Intel-gfx] " Damien Lespiau
2014-11-02 13:19 ` [PATCH 06/17] drm: Global atomic state handling Daniel Vetter
2014-11-03 23:41   ` Matt Roper
2014-11-04  8:40     ` Daniel Vetter
2014-11-04 20:31   ` Sean Paul
2014-11-04 21:30     ` Daniel Vetter
2014-11-04 21:41       ` Daniel Vetter
2014-11-04 21:37   ` [PATCH] " Daniel Vetter
2014-11-04 22:07     ` Daniel Vetter
2014-11-04 22:32       ` Sean Paul
2014-11-05 13:06       ` Ander Conselvan de Oliveira
2014-11-05 13:45       ` Daniel Vetter
2014-11-05 14:22         ` Daniel Vetter
2014-11-05 17:06           ` Daniel Vetter
2015-02-06  9:58             ` [Intel-gfx] " Jani Nikula
2015-02-06 21:14               ` Daniel Vetter
2014-11-02 13:19 ` [PATCH 07/17] drm: Add atomic/plane helpers Daniel Vetter
2014-11-04 22:30   ` Sean Paul
2014-11-04 23:16     ` Daniel Vetter
2014-11-02 13:19 ` [PATCH 08/17] drm/plane-helper: transitional atomic plane helpers Daniel Vetter
2014-11-05 16:45   ` Sean Paul
2014-11-05 16:51     ` Daniel Vetter
2014-11-05 16:59   ` [PATCH] " Daniel Vetter
2014-11-02 13:19 ` [PATCH 09/17] drm/crtc-helper: Transitional functions using " Daniel Vetter
2014-11-05 17:42   ` Sean Paul
2014-11-02 13:19 ` [PATCH 10/17] drm: Atomic crtc/connector updates using crtc/plane helper interfaces Daniel Vetter
2014-11-05 18:53   ` Sean Paul
2014-11-05 21:44     ` Daniel Vetter
2014-11-06 18:28       ` Sean Paul
2014-11-02 13:19 ` [PATCH 11/17] drm/atomic-helper: implementatations for legacy interfaces Daniel Vetter
2014-11-04 22:08   ` [PATCH] " Daniel Vetter
2014-11-05 13:46     ` Daniel Vetter
2014-11-05 19:48       ` Sean Paul
2014-11-05 22:01         ` Daniel Vetter
2014-11-06 18:31           ` Sean Paul
2014-11-02 13:19 ` [PATCH 12/17] drm/atomic: Integrate fence support Daniel Vetter
2014-11-06 17:43   ` [Intel-gfx] " Sean Paul
2014-11-02 13:19 ` [PATCH 13/17] drm/atomic-helpers: document how to implement async commit Daniel Vetter
2014-11-06 17:43   ` Sean Paul
2014-11-02 13:19 ` [PATCH 14/17] drm/atomic-helper: implement ->page_flip Daniel Vetter
2014-11-04 22:09   ` [PATCH] " Daniel Vetter
2014-11-05 11:35     ` Daniel Thompson
2014-11-05 13:46     ` Daniel Vetter
2014-11-06 17:43   ` [PATCH 14/17] " Sean Paul
2014-11-06 18:13     ` Daniel Vetter
2014-11-06 18:53       ` Sean Paul
2014-11-02 13:19 ` [PATCH 15/17] drm/atomic-helpers: functions for state duplicate/destroy/reset Daniel Vetter
2014-11-03 14:45   ` Daniel Thompson
2014-11-03 14:53     ` Daniel Vetter
2014-11-03 15:06       ` Daniel Thompson [this message]
2014-11-03 15:11         ` Daniel Vetter
2014-11-06 17:43   ` Sean Paul
2014-11-06 19:57     ` Daniel Vetter
2014-11-06 20:01       ` Sean Paul
2014-11-06 19:55   ` [PATCH] " Daniel Vetter
2014-11-02 13:19 ` [PATCH 16/17] drm: Docbook integration and over sections for all the new helpers Daniel Vetter
2014-11-06 17:43   ` Sean Paul
2014-11-06 20:00   ` [PATCH] " Daniel Vetter
2014-11-06 20:02     ` Sean Paul
2014-11-02 13:19 ` [PATCH 17/17] drm/atomic: Refcounting for plane_state->fb Daniel Vetter
2014-11-04 21:57   ` [PATCH] " Daniel Vetter
2014-11-06 17:44   ` [PATCH 17/17] " Sean Paul

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=545799DF.2090505@linaro.org \
    --to=daniel.thompson@linaro.org \
    --cc=daniel.vetter@ffwll.ch \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=intel-gfx@lists.freedesktop.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.