From: Jocelyn Falempe <jfalempe@redhat.com>
To: tzimmermann@suse.de, airlied@redhat.com, javierm@redhat.com, yizhan@redhat.com
Cc: Jocelyn Falempe <jfalempe@redhat.com>, stable@vger.kernel.org, dri-devel@lists.freedesktop.org
Subject: [PATCH 1/2] drm/client: Fix memory leak in drm_client_target_cloned
Date: Tue, 11 Jul 2023 11:20:43 +0200
Message-ID: <20230711092203.68157-2-jfalempe@redhat.com>
In-Reply-To: <20230711092203.68157-1-jfalempe@redhat.com>

dmt_mode is allocated and never freed in this function.
It was found with the ast driver, but most drivers using generic fbdev setup are probably affected.

This fixes the following kmemleak report:
  backtrace:
    [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm]
    [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]
    [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm]
    [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]
    [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]
    [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm]
    [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast]
    [<00000000987f19bb>] local_pci_probe+0xdc/0x180
    [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0
    [<0000000000b85301>] process_one_work+0x8b7/0x1540
    [<000000003375b17c>] worker_thread+0x70a/0xed0
    [<00000000b0d43cd9>] kthread+0x29f/0x340
    [<000000008d770833>] ret_from_fork+0x1f/0x30
  unreferenced object 0xff11000333089a00 (size 128):

cc: <stable@vger.kernel.org>
Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon")
Reported-by: Zhang Yi <yizhan@redhat.com>
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
--- drivers/gpu/drm/drm_client_modeset.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 1b12a3c201a3..a4a62aa99984 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c 
@@ -311,6 +311,9 @@ static bool drm_client_target_cloned(struct drm_device *dev, can_clone = true; dmt_mode = drm_mode_find_dmt(dev, 1024, 768, 60, false); + if (!dmt_mode) + goto fail; + for (i = 0; i < connector_count; i++) { if (!enabled[i]) continue; @@ -326,11 +329,13 @@ static bool drm_client_target_cloned(struct drm_device *dev, if (!modes[i]) can_clone = false; } + kfree(dmt_mode); if (can_clone) { DRM_DEBUG_KMS("can clone using 1024x768\n"); return true; } +fail: DRM_INFO("kms: can't enable cloning when we probably wanted to.\n"); return false; } -- 2.41.0
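Review bot: the new "if (!dmt_mode) goto fail;" in the first hunk is not covered by the commit message, which only describes the leak. Please add a sentence saying the patch also handles drm_mode_find_dmt() returning NULL. Also note that the DRM_INFO text after the fail: label ("can't enable cloning when we probably wanted to") will then be logged for a failed mode lookup or allocation, where it reads as a cloning problem; a separate message for that path, or a direct "return false", would be clearer.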
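Review bot: "kfree(dmt_mode);" in the second hunk frees a mode that, per the kmemleak backtrace in the commit message, was allocated through drm_mode_duplicate(), so drm_mode_destroy(dev, dmt_mode) is the matching release helper and is preferable to a bare kfree(). Please also confirm that the loop above the kfree() never stores the dmt_mode pointer itself in modes[i]; any entry that did would dangle once dmt_mode is freed here.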