[PATCH 47/64] drm/vc4: txp: Switch to drmm_kzalloc

Thomas Zimmermann tzimmermann at suse.de
Mon Jun 20 11:17:51 UTC 2022



On 10.06.22 at 11:29, Maxime Ripard wrote:
> Our internal structure that stores the DRM entities structure is allocated
> through a device-managed kzalloc.
> 
> This means that this will eventually be freed whenever the device is
> removed. In our case, the most likely source of removal is that the main
> device is going to be unbound, and component_unbind_all() is being run.
> 
> However, it occurs while the DRM device is still registered, which will
> create dangling pointers, eventually resulting in use-after-free.
> 
> Switch to a DRM-managed allocation to keep our structure until the DRM
> driver doesn't need it anymore.
> 
> Signed-off-by: Maxime Ripard <maxime at cerno.tech>

Acked-by: Thomas Zimmermann <tzimmermann at suse.de>

> ---
>   drivers/gpu/drm/vc4/vc4_txp.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c
> index 51ac01838093..6a16b2798724 100644
> --- a/drivers/gpu/drm/vc4/vc4_txp.c
> +++ b/drivers/gpu/drm/vc4/vc4_txp.c
> @@ -477,7 +477,7 @@ static int vc4_txp_bind(struct device *dev, struct device *master, void *data)
>   	if (irq < 0)
>   		return irq;
>   
> -	txp = devm_kzalloc(dev, sizeof(*txp), GFP_KERNEL);
> +	txp = drmm_kzalloc(drm, sizeof(*txp), GFP_KERNEL);
>   	if (!txp)
>   		return -ENOMEM;
>   	vc4_crtc = &txp->base;
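
Review bot: the new drmm_kzalloc() call on the added line takes `drm`, but the visible signature of vc4_txp_bind() only provides `dev`, `master` and `data`, so the hunk does not show where `drm` comes from. Please confirm it is already assigned before this point and is the DRM device the txp CRTC gets registered against, since the lifetime argument in the commit message depends on that. The message also describes a use-after-free on unbind but carries no Fixes: tag; naming the commit that introduced the devm_kzalloc() would help anyone backporting this.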

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Ivo Totev