[PATCH] drm/tidss: fix crash related to accessing freed memory

Tomi Valkeinen tomi.valkeinen at ti.com
Wed Apr 15 13:31:20 UTC 2020


Hi,

On 15/04/2020 15:45, Laurent Pinchart wrote:

>> +static void tidss_crtc_destroy(struct drm_crtc *crtc)
>> +{
>> +	struct tidss_crtc *tcrtc = to_tidss_crtc(crtc);
>> +
>> +	drm_crtc_cleanup(crtc);
>> +	kfree(tcrtc);
> 
> I would personally store the CRTC pointers, or embed the CRTC instances
> in the tidss_device structure, and free everything in the top-level
> tidss_release() handler, to avoid spreading the release code all around
> the driver. Same for planes and encoders. It may be a matter of personal
> taste though, but it would allow dropping the kfree() calls in
> individual error paths and centralize them in a single place if you
> store the allocated pointer in tidss_device right after allocation.

This seemed the easiest way to fix this for 5.7-rcs, without doing too many changes all around that 
might cause conflicts. The allocs and frees are close to each other, in the same files, although 
there's repetition of course.

  Tomi

-- 
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki.
Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki


More information about the dri-devel mailing list