From: Navid Emamdoost <navid.emamdoost@gmail.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: dri-devel@lists.freedesktop.org,
Pengutronix Kernel Team <kernel@pengutronix.de>,
linux-arm-kernel@lists.infradead.org,
NXP Linux Team <linux-imx@nxp.com>,
Daniel Vetter <daniel@ffwll.ch>, David Airlie <airlied@linux.ie>,
Fabio Estevam <festevam@gmail.com>,
Philipp Zabel <p.zabel@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
Shawn Guo <shawnguo@kernel.org>,
Peter Senna Tschudin <peter.senna@collabora.com>,
Navid Emamdoost <emamd001@umn.edu>, Kangjie Lu <kjlu@umn.edu>,
Stephen McCamant <smccaman@umn.edu>,
Rob Herring <robh@kernel.org>,
Thierry Reding <thierry.reding@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind()
Date: Sat, 12 Oct 2019 14:16:58 -0500 [thread overview]
Message-ID: <CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com> (raw)
In-Reply-To: <3fd6aa8b-2529-7ff5-3e19-05267101b2a4@web.de>
On Sat, Oct 12, 2019 at 4:07 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Sat, 12 Oct 2019 10:30:21 +0200
>
> The return value from a call of the function “kmemdup” was not checked
> in this function implementation. Thus add the corresponding error handling.
>
> Fixes: 19022aaae677dfa171a719e9d1ff04823ce65a65 ("staging: drm/imx: Add parallel display support")
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> drivers/gpu/drm/imx/parallel-display.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
> index 35518e5de356..39c4798f56b6 100644
> --- a/drivers/gpu/drm/imx/parallel-display.c
> +++ b/drivers/gpu/drm/imx/parallel-display.c
> @@ -210,8 +210,13 @@ static int imx_pd_bind(struct device *dev, struct device *master, void *data)
> return -ENOMEM;
>
> edidp = of_get_property(np, "edid", &imxpd->edid_len);
> - if (edidp)
> + if (edidp) {
> imxpd->edid = kmemdup(edidp, imxpd->edid_len, GFP_KERNEL);
> + if (!imxpd->edid) {
> + devm_kfree(dev, imxpd);
You should not try to free imxpd here as it is a resource-managed
allocation via devm_kzalloc(). It means memory allocated with this
function is
automatically freed on driver detach. So, this patch introduces a double-free.
> + return -ENOMEM;
> + }
> + }
>
> ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
> if (!ret) {
> --
> 2.23.0
>
--
Navid.
WARNING: multiple messages have this Message-ID (diff)
From: Navid Emamdoost <navid.emamdoost@gmail.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: dri-devel@lists.freedesktop.org,
Pengutronix Kernel Team <kernel@pengutronix.de>,
linux-arm-kernel@lists.infradead.org,
NXP Linux Team <linux-imx@nxp.com>,
Daniel Vetter <daniel@ffwll.ch>, David Airlie <airlied@linux.ie>,
Fabio Estevam <festevam@gmail.com>,
Philipp Zabel <p.zabel@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
Shawn Guo <shawnguo@kernel.org>,
Peter Senna Tschudin <peter.senna@collabora.com>,
Navid Emamdoost <emamd001@umn.edu>, Kangjie Lu <kjlu@umn.edu>,
Stephen McCamant <smccaman@umn.edu>,
Rob Herring <robh@kernel.org>,
Thierry Reding <thierry.reding@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind()
Date: Sat, 12 Oct 2019 19:16:58 +0000 [thread overview]
Message-ID: <CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com> (raw)
In-Reply-To: <3fd6aa8b-2529-7ff5-3e19-05267101b2a4@web.de>
On Sat, Oct 12, 2019 at 4:07 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Sat, 12 Oct 2019 10:30:21 +0200
>
> The return value from a call of the function “kmemdup” was not checked
> in this function implementation. Thus add the corresponding error handling.
>
> Fixes: 19022aaae677dfa171a719e9d1ff04823ce65a65 ("staging: drm/imx: Add parallel display support")
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> drivers/gpu/drm/imx/parallel-display.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
> index 35518e5de356..39c4798f56b6 100644
> --- a/drivers/gpu/drm/imx/parallel-display.c
> +++ b/drivers/gpu/drm/imx/parallel-display.c
> @@ -210,8 +210,13 @@ static int imx_pd_bind(struct device *dev, struct device *master, void *data)
> return -ENOMEM;
>
> edidp = of_get_property(np, "edid", &imxpd->edid_len);
> - if (edidp)
> + if (edidp) {
> imxpd->edid = kmemdup(edidp, imxpd->edid_len, GFP_KERNEL);
> + if (!imxpd->edid) {
> + devm_kfree(dev, imxpd);
You should not try to free imxpd here as it is a resource-managed
allocation via devm_kzalloc(). It means memory allocated with this
function is
automatically freed on driver detach. So, this patch introduces a double-free.
> + return -ENOMEM;
> + }
> + }
>
> ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
> if (!ret) {
> --
> 2.23.0
>
--
Navid.
WARNING: multiple messages have this Message-ID (diff)
From: Navid Emamdoost <navid.emamdoost@gmail.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: Thierry Reding <thierry.reding@gmail.com>,
Rob Herring <robh@kernel.org>,
kernel-janitors@vger.kernel.org,
Pengutronix Kernel Team <kernel@pengutronix.de>,
David Airlie <airlied@linux.ie>, Shawn Guo <shawnguo@kernel.org>,
Sascha Hauer <s.hauer@pengutronix.de>, Kangjie Lu <kjlu@umn.edu>,
LKML <linux-kernel@vger.kernel.org>,
dri-devel@lists.freedesktop.org,
Navid Emamdoost <emamd001@umn.edu>,
Peter Senna Tschudin <peter.senna@collabora.com>,
NXP Linux Team <linux-imx@nxp.com>,
Daniel Vetter <daniel@ffwll.ch>,
Stephen McCamant <smccaman@umn.edu>,
Philipp Zabel <p.zabel@pengutronix.de>,
Fabio Estevam <festevam@gmail.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind()
Date: Sat, 12 Oct 2019 14:16:58 -0500 [thread overview]
Message-ID: <CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com> (raw)
In-Reply-To: <3fd6aa8b-2529-7ff5-3e19-05267101b2a4@web.de>
On Sat, Oct 12, 2019 at 4:07 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Sat, 12 Oct 2019 10:30:21 +0200
>
> The return value from a call of the function “kmemdup” was not checked
> in this function implementation. Thus add the corresponding error handling.
>
> Fixes: 19022aaae677dfa171a719e9d1ff04823ce65a65 ("staging: drm/imx: Add parallel display support")
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> drivers/gpu/drm/imx/parallel-display.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
> index 35518e5de356..39c4798f56b6 100644
> --- a/drivers/gpu/drm/imx/parallel-display.c
> +++ b/drivers/gpu/drm/imx/parallel-display.c
> @@ -210,8 +210,13 @@ static int imx_pd_bind(struct device *dev, struct device *master, void *data)
> return -ENOMEM;
>
> edidp = of_get_property(np, "edid", &imxpd->edid_len);
> - if (edidp)
> + if (edidp) {
> imxpd->edid = kmemdup(edidp, imxpd->edid_len, GFP_KERNEL);
> + if (!imxpd->edid) {
> + devm_kfree(dev, imxpd);
You should not try to free imxpd here as it is a resource-managed
allocation via devm_kzalloc(). It means memory allocated with this
function is
automatically freed on driver detach. So, this patch introduces a double-free.
> + return -ENOMEM;
> + }
> + }
>
> ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
> if (!ret) {
> --
> 2.23.0
>
--
Navid.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-10-12 19:17 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-04 19:09 [PATCH] drm/imx: fix memory leak in imx_pd_bind Navid Emamdoost
2019-10-04 19:09 ` Navid Emamdoost
2019-10-04 19:09 ` Navid Emamdoost
2019-10-05 15:02 ` Markus Elfring
2019-10-05 15:02 ` Markus Elfring
2019-10-05 15:02 ` Markus Elfring
2019-10-12 11:54 ` Markus Elfring
2019-10-12 11:54 ` Markus Elfring
2019-10-12 11:54 ` Markus Elfring
2019-10-12 19:22 ` Navid Emamdoost
2019-10-12 19:22 ` Navid Emamdoost
2019-10-12 19:22 ` Navid Emamdoost
2019-10-06 9:33 ` drm/imx: Checking a kmemdup() call in imx_pd_bind() Markus Elfring
2019-10-06 9:33 ` Markus Elfring
2019-10-06 9:33 ` Markus Elfring
2019-10-07 4:26 ` Navid Emamdoost
2019-10-07 4:26 ` Navid Emamdoost
2019-10-07 4:26 ` Navid Emamdoost
2019-10-07 7:44 ` Markus Elfring
2019-10-07 7:44 ` Markus Elfring
2019-10-07 7:44 ` Markus Elfring
2019-10-07 7:44 ` Markus Elfring
2019-10-12 9:04 ` [PATCH 0/2] drm/imx: Adjustments for two functions Markus Elfring
2019-10-12 9:04 ` Markus Elfring
2019-10-12 9:04 ` Markus Elfring
2019-10-12 9:04 ` Markus Elfring
2019-10-12 9:07 ` [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in imx_pd_bind() Markus Elfring
2019-10-12 9:07 ` Markus Elfring
2019-10-12 9:07 ` Markus Elfring
2019-10-12 19:16 ` Navid Emamdoost [this message]
2019-10-12 19:16 ` Navid Emamdoost
2019-10-12 19:16 ` Navid Emamdoost
2019-10-12 19:24 ` Julia Lawall
2019-10-12 19:24 ` Julia Lawall
2019-10-12 19:24 ` Julia Lawall
2019-10-12 9:10 ` [PATCH 2/2] drm/imx: Fix error handling for a kmemdup() call in imx_ldb_panel_ddc() Markus Elfring
2019-10-12 9:10 ` Markus Elfring
2019-10-12 9:10 ` Markus Elfring
2019-11-21 18:31 ` [PATCH] drm/imx: fix memory leak in imx_pd_bind Navid Emamdoost
2019-11-21 18:31 ` Navid Emamdoost
2019-11-21 18:31 ` Navid Emamdoost
2019-11-22 7:22 ` Marco Felsch
2019-11-22 7:22 ` Marco Felsch
2019-11-22 7:22 ` Marco Felsch
2019-11-22 17:43 ` Navid Emamdoost
2019-11-22 17:43 ` Navid Emamdoost
2019-11-22 17:43 ` Navid Emamdoost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEkB2ERCGJ6abNXfPNX7nbwkwD7qYTPYjYsNGzZwynn5CbPCzg@mail.gmail.com \
--to=navid.emamdoost@gmail.com \
--cc=Markus.Elfring@web.de \
--cc=airlied@linux.ie \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=emamd001@umn.edu \
--cc=festevam@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kernel@pengutronix.de \
--cc=kjlu@umn.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-imx@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=p.zabel@pengutronix.de \
--cc=peter.senna@collabora.com \
--cc=robh@kernel.org \
--cc=s.hauer@pengutronix.de \
--cc=shawnguo@kernel.org \
--cc=smccaman@umn.edu \
--cc=thierry.reding@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.