Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / Atom feed
From: Navid Emamdoost <navid.emamdoost@gmail.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: Thierry Reding <thierry.reding@gmail.com>,
	Rob Herring <robh@kernel.org>,
	kernel-janitors@vger.kernel.org,
	Pengutronix Kernel Team <kernel@pengutronix.de>,
	David Airlie <airlied@linux.ie>, Shawn Guo <shawnguo@kernel.org>,
	Sascha Hauer <s.hauer@pengutronix.de>, Kangjie Lu <kjlu@umn.edu>,
	LKML <linux-kernel@vger.kernel.org>,
	dri-devel@lists.freedesktop.org,
	Navid Emamdoost <emamd001@umn.edu>,
	Peter Senna Tschudin <peter.senna@collabora.com>,
	NXP Linux Team <linux-imx@nxp.com>,
	Daniel Vetter <daniel@ffwll.ch>,
	Stephen McCamant <smccaman@umn.edu>,
	Philipp Zabel <p.zabel@pengutronix.de>,
	Fabio Estevam <festevam@gmail.com>,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind()
Date: Sat, 12 Oct 2019 14:16:58 -0500
Message-ID: <CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com> (raw)
In-Reply-To: <3fd6aa8b-2529-7ff5-3e19-05267101b2a4@web.de>

On Sat, Oct 12, 2019 at 4:07 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Sat, 12 Oct 2019 10:30:21 +0200
>
> The return value from a call of the function “kmemdup” was not checked
> in this function implementation. Thus add the corresponding error handling.
>
> Fixes: 19022aaae677dfa171a719e9d1ff04823ce65a65 ("staging: drm/imx: Add parallel display support")
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
>  drivers/gpu/drm/imx/parallel-display.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
> index 35518e5de356..39c4798f56b6 100644
> --- a/drivers/gpu/drm/imx/parallel-display.c
> +++ b/drivers/gpu/drm/imx/parallel-display.c
> @@ -210,8 +210,13 @@ static int imx_pd_bind(struct device *dev, struct device *master, void *data)
>                 return -ENOMEM;
>
>         edidp = of_get_property(np, "edid", &imxpd->edid_len);
> -       if (edidp)
> +       if (edidp) {
>                 imxpd->edid = kmemdup(edidp, imxpd->edid_len, GFP_KERNEL);
> +               if (!imxpd->edid) {
> +                       devm_kfree(dev, imxpd);

You should not try to free imxpd here as it is a resource-managed
allocation via devm_kzalloc(). It means memory allocated with this
function is
 automatically freed on driver detach. So, this patch introduces a double-free.

> +                       return -ENOMEM;
> +               }
> +       }
>
>         ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
>         if (!ret) {
> --
> 2.23.0
>


-- 
Navid.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-04 19:09 [PATCH] drm/imx: fix memory leak in imx_pd_bind Navid Emamdoost
2019-10-05 15:02 ` Markus Elfring
2019-10-12 11:54   ` Markus Elfring
2019-10-12 19:22     ` Navid Emamdoost
2019-10-06  9:33 ` drm/imx: Checking a kmemdup() call in imx_pd_bind() Markus Elfring
2019-10-07  4:26   ` Navid Emamdoost
2019-10-07  7:44     ` Markus Elfring
2019-10-12  9:04     ` [PATCH 0/2] drm/imx: Adjustments for two functions Markus Elfring
2019-10-12  9:07       ` [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind() Markus Elfring
2019-10-12 19:16         ` Navid Emamdoost [this message]
2019-10-12 19:24           ` Julia Lawall
2019-10-12  9:10       ` [PATCH 2/2] drm/imx: Fix error handling for a kmemdup() call in imx_ldb_panel_ddc() Markus Elfring

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com \
    --to=navid.emamdoost@gmail.com \
    --cc=Markus.Elfring@web.de \
    --cc=airlied@linux.ie \
    --cc=daniel@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=emamd001@umn.edu \
    --cc=festevam@gmail.com \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=kernel@pengutronix.de \
    --cc=kjlu@umn.edu \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-imx@nxp.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=p.zabel@pengutronix.de \
    --cc=peter.senna@collabora.com \
    --cc=robh@kernel.org \
    --cc=s.hauer@pengutronix.de \
    --cc=shawnguo@kernel.org \
    --cc=smccaman@umn.edu \
    --cc=thierry.reding@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-ARM-Kernel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/0 linux-arm-kernel/git/0.git
	git clone --mirror https://lore.kernel.org/linux-arm-kernel/1 linux-arm-kernel/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-arm-kernel linux-arm-kernel/ https://lore.kernel.org/linux-arm-kernel \
		linux-arm-kernel@lists.infradead.org infradead-linux-arm-kernel@archiver.kernel.org
	public-inbox-index linux-arm-kernel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-arm-kernel


AGPL code for this site: git clone https://public-inbox.org/ public-inbox