Re: [PATCH] drm/plane: Move range check for format_count earlier

From: Liviu Dudau
Date: Fri Dec 03 2021 - 08:08:24 EST

Next message: Kieran Bingham: "Re: [PATCH v1 1/1] media: i2c: max9286: Get rid of duplicate of_node assignment"
Previous message: Robin Murphy: "Re: [PATCH 0/3] Allow restricted-dma-pool to customize IO_TLB_SEGSIZE"
In reply to: Steven Price: "[PATCH] drm/plane: Move range check for format_count earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 03, 2021 at 10:28:15AM +0000, Steven Price wrote:
> While the check for format_count > 64 in __drm_universal_plane_init()
> shouldn't be hit (it's a WARN_ON), in its current position it will then
> leak the plane->format_types array and fail to call
> drm_mode_object_unregister() leaking the modeset identifier. Move it to
> the start of the function to avoid allocating those resources in the
> first place.
>
> Signed-off-by: Steven Price <steven.price@xxxxxxx>

Well spotted!

Reviewed-by: Liviu Dudau <liviu.dudau@xxxxxxx>

I'm going to wait to see if anyone else has any comments before I'll merge this into
drm-misc-fixes (or should it be drm-misc-next-fixes?)

Best regards,
Liviu

> ---
> drivers/gpu/drm/drm_plane.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
> index 82afb854141b..fd0bf90fb4c2 100644
> --- a/drivers/gpu/drm/drm_plane.c
> +++ b/drivers/gpu/drm/drm_plane.c
> @@ -249,6 +249,13 @@ static int __drm_universal_plane_init(struct drm_device *dev,
> if (WARN_ON(config->num_total_plane >= 32))
> return -EINVAL;
>
> + /*
> + * First driver to need more than 64 formats needs to fix this. Each
> + * format is encoded as a bit and the current code only supports a u64.
> + */
> + if (WARN_ON(format_count > 64))
> + return -EINVAL;
> +
> WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
> (!funcs->atomic_destroy_state ||
> !funcs->atomic_duplicate_state));
> @@ -270,13 +277,6 @@ static int __drm_universal_plane_init(struct drm_device *dev,
> return -ENOMEM;
> }
>
> - /*
> - * First driver to need more than 64 formats needs to fix this. Each
> - * format is encoded as a bit and the current code only supports a u64.
> - */
> - if (WARN_ON(format_count > 64))
> - return -EINVAL;
> -
> if (format_modifiers) {
> const uint64_t *temp_modifiers = format_modifiers;
>
> --
> 2.25.1
>

--
====================
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯

Next message: Kieran Bingham: "Re: [PATCH v1 1/1] media: i2c: max9286: Get rid of duplicate of_node assignment"
Previous message: Robin Murphy: "Re: [PATCH 0/3] Allow restricted-dma-pool to customize IO_TLB_SEGSIZE"
In reply to: Steven Price: "[PATCH] drm/plane: Move range check for format_count earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]