[PATCH] drm/plane: Move range check for format_count earlier

Steven Price steven.price at arm.com
Thu Apr 28 11:57:52 UTC 2022


On 03/12/2021 13:08, Liviu Dudau wrote:
> On Fri, Dec 03, 2021 at 10:28:15AM +0000, Steven Price wrote:
>> While the check for format_count > 64 in __drm_universal_plane_init()
>> shouldn't be hit (it's a WARN_ON), in its current position it will then
>> leak the plane->format_types array and fail to call
>> drm_mode_object_unregister() leaking the modeset identifier. Move it to
>> the start of the function to avoid allocating those resources in the
>> first place.
>>
>> Signed-off-by: Steven Price <steven.price at arm.com>
> 
> Well spotted!
> 
> Reviewed-by: Liviu Dudau <liviu.dudau at arm.com>
> 
> I'm going to wait to see if anyone else has any comments before I'll merge this into
> drm-misc-fixes (or should it be drm-misc-next-fixes?)

Gentle ping! I think we've probably waited long enough. Are you going to
merge this or would you like me to?

Thanks,

Steve

> Best regards,
> Liviu
> 
>> ---
>>  drivers/gpu/drm/drm_plane.c | 14 +++++++-------
>>  1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
>> index 82afb854141b..fd0bf90fb4c2 100644
>> --- a/drivers/gpu/drm/drm_plane.c
>> +++ b/drivers/gpu/drm/drm_plane.c
>> @@ -249,6 +249,13 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>>  	if (WARN_ON(config->num_total_plane >= 32))
>>  		return -EINVAL;
>>  
>> +	/*
>> +	 * First driver to need more than 64 formats needs to fix this. Each
>> +	 * format is encoded as a bit and the current code only supports a u64.
>> +	 */
>> +	if (WARN_ON(format_count > 64))
>> +		return -EINVAL;
>> +
>>  	WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
>>  		(!funcs->atomic_destroy_state ||
>>  		 !funcs->atomic_duplicate_state));
>> @@ -270,13 +277,6 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>>  		return -ENOMEM;
>>  	}
>>  
>> -	/*
>> -	 * First driver to need more than 64 formats needs to fix this. Each
>> -	 * format is encoded as a bit and the current code only supports a u64.
>> -	 */
>> -	if (WARN_ON(format_count > 64))
>> -		return -EINVAL;
>> -
>>  	if (format_modifiers) {
>>  		const uint64_t *temp_modifiers = format_modifiers;
>>  
>> -- 
>> 2.25.1
>>
> 



More information about the dri-devel mailing list