[PATCH] drm/prime: Fix drm_gem_prime_mmap() stack use
Daniel Vetter
daniel at ffwll.ch
Thu Nov 22 09:06:14 UTC 2018
On Wed, Nov 21, 2018 at 07:02:15PM +0100, Noralf Trønnes wrote:
> drivers/gpu/drm/drm_prime.c: In function 'drm_gem_prime_mmap':
> >> drivers/gpu/drm/drm_prime.c:688:1: warning: the frame size of 1592 bytes is larger than 1024 bytes [-Wframe-larger-than=]
>
> Fix by allocating on the heap.
>
> Fixes: 7698799f9554 ("drm/prime: Add drm_gem_prime_mmap()")
> Reported-by: kbuild test robot <lkp at intel.com>
> Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
> Cc: Christian König <christian.koenig at amd.com>
> Signed-off-by: Noralf Trønnes <noralf at tronnes.org>
Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
> ---
> drivers/gpu/drm/drm_prime.c | 31 ++++++++++++++++++++-----------
> 1 file changed, 20 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
> index 5737cb8c6f03..231e3f6d5f41 100644
> --- a/drivers/gpu/drm/drm_prime.c
> +++ b/drivers/gpu/drm/drm_prime.c
> @@ -663,24 +663,33 @@ EXPORT_SYMBOL(drm_gem_prime_handle_to_fd);
> */
> int drm_gem_prime_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
> {
> - /* Used by drm_gem_mmap() to lookup the GEM object */
> - struct drm_file priv = {
> - .minor = obj->dev->primary,
> - };
> - struct file fil = {
> - .private_data = &priv,
> - };
> + struct drm_file *priv;
> + struct file *fil;
> int ret;
>
> - ret = drm_vma_node_allow(&obj->vma_node, &priv);
> + priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> + fil = kzalloc(sizeof(*fil), GFP_KERNEL);
> + if (!priv || !fil) {
> + ret = -ENOMEM;
> + goto out;
> + }
> +
> + /* Used by drm_gem_mmap() to lookup the GEM object */
> + priv->minor = obj->dev->primary;
> + fil->private_data = priv;
> +
> + ret = drm_vma_node_allow(&obj->vma_node, priv);
> if (ret)
> - return ret;
> + goto out;
>
> vma->vm_pgoff += drm_vma_node_start(&obj->vma_node);
>
> - ret = obj->dev->driver->fops->mmap(&fil, vma);
> + ret = obj->dev->driver->fops->mmap(fil, vma);
>
> - drm_vma_node_revoke(&obj->vma_node, &priv);
> + drm_vma_node_revoke(&obj->vma_node, priv);
> +out:
> + kfree(priv);
> + kfree(fil);
>
> return ret;
> }
> --
> 2.15.1
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the dri-devel
mailing list