[PATCH] drm/plane: Move range check for format_count earlier
Carsten Haitzler
carsten.haitzler at foss.arm.com
Fri Dec 3 16:33:13 UTC 2021
On 12/3/21 13:08, Liviu Dudau wrote:
> On Fri, Dec 03, 2021 at 10:28:15AM +0000, Steven Price wrote:
>> While the check for format_count > 64 in __drm_universal_plane_init()
>> shouldn't be hit (it's a WARN_ON), in its current position it will then
>> leak the plane->format_types array and fail to call
>> drm_mode_object_unregister() leaking the modeset identifier. Move it to
>> the start of the function to avoid allocating those resources in the
>> first place.
>>
>> Signed-off-by: Steven Price <steven.price at arm.com>
>
> Well spotted!
>
> Reviewed-by: Liviu Dudau <liviu.dudau at arm.com>
>
> I'm going to wait to see if anyone else has any comments before I'll merge this into
> drm-misc-fixes (or should it be drm-misc-next-fixes?)
This definitely looks to fix an ugly I spotted too while looking at your
prior patch thinking it might be wrong so a +1 from me.
> Best regards,
> Liviu
>
>> ---
>> drivers/gpu/drm/drm_plane.c | 14 +++++++-------
>> 1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
>> index 82afb854141b..fd0bf90fb4c2 100644
>> --- a/drivers/gpu/drm/drm_plane.c
>> +++ b/drivers/gpu/drm/drm_plane.c
>> @@ -249,6 +249,13 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>> if (WARN_ON(config->num_total_plane >= 32))
>> return -EINVAL;
>>
>> + /*
>> + * First driver to need more than 64 formats needs to fix this. Each
>> + * format is encoded as a bit and the current code only supports a u64.
>> + */
>> + if (WARN_ON(format_count > 64))
>> + return -EINVAL;
>> +
>> WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
>> (!funcs->atomic_destroy_state ||
>> !funcs->atomic_duplicate_state));
>> @@ -270,13 +277,6 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>> return -ENOMEM;
>> }
>>
>> - /*
>> - * First driver to need more than 64 formats needs to fix this. Each
>> - * format is encoded as a bit and the current code only supports a u64.
>> - */
>> - if (WARN_ON(format_count > 64))
>> - return -EINVAL;
>> -
>> if (format_modifiers) {
>> const uint64_t *temp_modifiers = format_modifiers;
>>
>> --
>> 2.25.1
>>
>
More information about the dri-devel
mailing list