[Intel-gfx] [PATCH] drm/i915: Protect against leaks in pipe_crc_set_source
Ville Syrjälä
ville.syrjala at linux.intel.com
Wed Dec 10 06:45:21 PST 2014
On Wed, Dec 10, 2014 at 11:02:20AM +0100, Daniel Vetter wrote:
> Stupid userspace (there is no evil userspace in debugfs by assumption)
> might provoke a leak since we allocate the new array without holding
> any locks. Drop in an unconditional kfree to deal with this - kfree
> can handle NULL.
>
> Cc: Ville Syrjälä <ville.syrjala at linux.intel.com>
> Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
I thought we had some higher level protection in pipe_crc_set_source()
but indeed we don't. So yeah it can still race with itself, but no
longer leak with your fix.
Reviewed-by: Ville Syrjälä <ville.syrjala at linux.intel.com>
> ---
> drivers/gpu/drm/i915/i915_debugfs.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
> index 72bb5aef9590..923e7575bb53 100644
> --- a/drivers/gpu/drm/i915/i915_debugfs.c
> +++ b/drivers/gpu/drm/i915/i915_debugfs.c
> @@ -3433,6 +3433,7 @@ static int pipe_crc_set_source(struct drm_device *dev, enum pipe pipe,
> hsw_disable_ips(crtc);
>
> spin_lock_irq(&pipe_crc->lock);
> + kfree(pipe_crc->entries);
> pipe_crc->entries = entries;
> pipe_crc->head = 0;
> pipe_crc->tail = 0;
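Review bot: the kfree() added just before "pipe_crc->entries = entries;" has no comment saying why the old pointer can be non-NULL at that point. A short comment noting that the new array is allocated before pipe_crc->lock is taken, so an earlier caller may already have installed one, would make the intent clear. Since the old buffer is now freed here, it is also worth confirming that every reader of pipe_crc->entries holds pipe_crc->lock. As an alternative, save the old pointer under the lock and kfree() it after the unlock, which keeps the IRQ-off section short.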
> --
> 2.1.1
--
Ville Syrjälä
Intel OTC