[BUG] EDID leaks kernel memory

Daniel Vetter daniel at ffwll.ch
Mon Aug 13 07:24:37 PDT 2012


On Sat, Aug 11, 2012 at 6:51 PM, Russell King - ARM Linux
<linux at arm.linux.org.uk> wrote:
> Hi,
>
> While looking at the kernel DRM code, I've noticed that in many places
> we kmalloc() memory to store the raw EDID information, whether it be
> from a DDC adapter, or loaded from firmware.
>
> Nowhere can I find where this memory is freed.  It seems in several
> places that we assign it into connector->display_info.raw_edid, and
> next time we obtain EDID information, we re-kmalloc and overwrite this
> pointer.
>
> Note that some drivers do kfree() this memory themselves after blindly
> setting connector->display_info.raw_edid to NULL...
>
> Can someone please point me to where this memory is freed?  If not, I'll
> cook up a patch to add some kfree's.

Afaik the right thing is to simply kill the raw_edid pointer and
handle the edid kmalloc simple as some temp storage fully controlled
by the drivers.

I've volunteered Jani from our team to cook up a few patches to handle this.

Yours, Daniel
-- 
Daniel Vetter
daniel.vetter at ffwll.ch - +41 (0) 79 364 57 48 - http://blog.ffwll.ch


More information about the dri-devel mailing list