[PATCH] drm: fix use of freed memory in drm_mode_setcrtc

Tomi Valkeinen tomi.valkeinen at ti.com
Mon Sep 17 14:51:27 UTC 2018


On 17/09/18 17:41, Ville Syrjälä wrote:
> On Mon, Sep 17, 2018 at 02:00:54PM +0300, Tomi Valkeinen wrote:
>> drm_mode_setcrtc() retries modesetting in case one of the functions it
>> calls returns -EDEADLK. connector_set, mode and fb are freed before
>> retrying, but they are not set to NULL. This can cause
>> drm_mode_setcrtc() to use those variables.
>>
>> For example: On the first try __drm_mode_set_config_internal() returns
>> -EDEADLK. connector_set, mode and fb are freed. Next retry starts, and
>> drm_modeset_lock_all_ctx() returns -EDEADLK, and we jump to 'out'. The
>> code will happily try to release all three again.
> 
> This thing uses lock_all() so I guess the EDEADLK must be coming from
> some private locks in the driver?

Yes, I've seen this cause issues only with Benoit's work-in-progress
omapdrm patches.

> Anyways, patch looks good so
> Reviewed-by: Ville Syrjälä <ville.syrjala at linux.intel.com>

Thanks!

 Tomi

-- 
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki.
Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
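
The retry path described in the quoted commit message, as an added example that is not part of the original thread or of the kernel source: a user-space C model in which one constructed pointer (`fb`) stands in for connector_set, mode and fb. The names `struct obj`, `obj_put()` and `setcrtc_model()` are hypothetical, and the model counts the stale release instead of performing it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a reference-counted object such as a framebuffer. */
struct obj { int refs; int stale_puts; };

static void obj_put(struct obj *o)
{
    if (!o)
        return;              /* releasing NULL is a no-op */
    if (o->refs == 0) {      /* in the kernel this would touch freed memory */
        o->stale_puts++;
        return;
    }
    o->refs--;
}

/* Model of the retry loop. clear_ptrs = 0: pointer keeps its stale value
 * across retries (behaviour described in the commit message).
 * clear_ptrs = 1: pointer is reset after release (assumed shape of the fix).
 * Returns how many times an already released object was released again. */
static int setcrtc_model(int clear_ptrs)
{
    struct obj storage = { 0, 0 };
    struct obj *fb = NULL;
    int attempt = 0, ret;

retry:
    attempt++;
    ret = (attempt == 2) ? -EDEADLK : 0;  /* locking fails on the 2nd pass */
    if (ret)
        goto out;
    storage.refs = 1;                     /* lookup takes a reference */
    fb = &storage;
    ret = (attempt == 1) ? -EDEADLK : 0;  /* set_config fails on the 1st pass */
out:
    obj_put(fb);
    if (clear_ptrs)
        fb = NULL;
    if (ret == -EDEADLK && attempt < 3)
        goto retry;
    return storage.stale_puts;
}

int main(void)
{
    printf("stale releases without reset: %d\n", setcrtc_model(0));
    printf("stale releases with reset:    %d\n", setcrtc_model(1));
    return 0;
}
```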

