[PATCH] drm/prime: Fix drm_gem_prime_mmap() stack use
Noralf Trønnes
noralf at tronnes.org
Thu Nov 22 15:04:18 UTC 2018
Den 22.11.2018 10.06, skrev Daniel Vetter:
> On Wed, Nov 21, 2018 at 07:02:15PM +0100, Noralf Trønnes wrote:
>> drivers/gpu/drm/drm_prime.c: In function 'drm_gem_prime_mmap':
>>>> drivers/gpu/drm/drm_prime.c:688:1: warning: the frame size of 1592 bytes is larger than 1024 bytes [-Wframe-larger-than=]
>> Fix by allocating on the heap.
>>
>> Fixes: 7698799f9554 ("drm/prime: Add drm_gem_prime_mmap()")
>> Reported-by: kbuild test robot <lkp at intel.com>
>> Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
>> Cc: Christian König <christian.koenig at amd.com>
>> Signed-off-by: Noralf Trønnes <noralf at tronnes.org>
> Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Thanks Daniel, applied to drm-misc-next.
Noralf.
>
>> ---
>> drivers/gpu/drm/drm_prime.c | 31 ++++++++++++++++++++-----------
>> 1 file changed, 20 insertions(+), 11 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
>> index 5737cb8c6f03..231e3f6d5f41 100644
>> --- a/drivers/gpu/drm/drm_prime.c
>> +++ b/drivers/gpu/drm/drm_prime.c
>> @@ -663,24 +663,33 @@ EXPORT_SYMBOL(drm_gem_prime_handle_to_fd);
>> */
>> int drm_gem_prime_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
>> {
>> - /* Used by drm_gem_mmap() to lookup the GEM object */
>> - struct drm_file priv = {
>> - .minor = obj->dev->primary,
>> - };
>> - struct file fil = {
>> - .private_data = &priv,
>> - };
>> + struct drm_file *priv;
>> + struct file *fil;
>> int ret;
>>
>> - ret = drm_vma_node_allow(&obj->vma_node, &priv);
>> + priv = kzalloc(sizeof(*priv), GFP_KERNEL);
>> + fil = kzalloc(sizeof(*fil), GFP_KERNEL);
>> + if (!priv || !fil) {
>> + ret = -ENOMEM;
>> + goto out;
>> + }
>> +
>> + /* Used by drm_gem_mmap() to lookup the GEM object */
>> + priv->minor = obj->dev->primary;
>> + fil->private_data = priv;
>> +
>> + ret = drm_vma_node_allow(&obj->vma_node, priv);
>> if (ret)
>> - return ret;
>> + goto out;
>>
>> vma->vm_pgoff += drm_vma_node_start(&obj->vma_node);
>>
>> - ret = obj->dev->driver->fops->mmap(&fil, vma);
>> + ret = obj->dev->driver->fops->mmap(fil, vma);
>>
>> - drm_vma_node_revoke(&obj->vma_node, &priv);
>> + drm_vma_node_revoke(&obj->vma_node, priv);
>> +out:
>> + kfree(priv);
>> + kfree(fil);
>>
>> return ret;
>> }
>> --
>> 2.15.1
>>
More information about the dri-devel
mailing list