[Intel-gfx] [PATCH v2] drm/i915/display: Fix a use-after-free when intel_edp_init_connector fails

Jani Nikula jani.nikula at intel.com
Fri Jun 2 17:43:31 UTC 2023


On Mon, 29 May 2023, Jani Nikula <jani.nikula at intel.com> wrote:
> From: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
>
> We enable the DP aux channel during probe, but may free the connector
> soon afterwards. Ensure the DP aux display power put (and any other
> async put for that matter) is completed before everything is freed, to
> prevent a use-after-free in icl_aux_pw_to_phy(), called from
> icl_combo_phy_aux_power_well_disable.
>
> v2 by Jani:
> - do a regular flush before freeing dig_port
>
> Cc: Imre Deak <imre.deak at intel.com>
> Signed-off-by: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
> Signed-off-by: Jani Nikula <jani.nikula at intel.com>
>
> ---
>
> v2 of https://patchwork.freedesktop.org/patch/msgid/20221220094618.207126-1-maarten.lankhorst@linux.intel.com
>
> The encoder cleanup paths could use some cleanup and unification, but do
> what's needed here.

Pushed [1] instead, which I'd missed.

BR,
Jani.


[1] https://patchwork.freedesktop.org/patch/msgid/20221222201804.1380963-1-maarten.lankhorst@linux.intel.com


> ---
>  drivers/gpu/drm/i915/display/g4x_dp.c    | 2 ++
>  drivers/gpu/drm/i915/display/intel_ddi.c | 2 ++
>  2 files changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/display/g4x_dp.c b/drivers/gpu/drm/i915/display/g4x_dp.c
> index 112d91d81fdc..e8147c18fa93 100644
> --- a/drivers/gpu/drm/i915/display/g4x_dp.c
> +++ b/drivers/gpu/drm/i915/display/g4x_dp.c
> @@ -1379,6 +1379,8 @@ bool g4x_dp_init(struct drm_i915_private *dev_priv,
>  	return true;
>  
>  err_init_connector:
> +	/* aync put accesses the dig_port, ensure it's done before free */
> +	intel_display_power_flush_work(dev_priv);
>  	drm_encoder_cleanup(encoder);
>  err_encoder_init:
>  	kfree(intel_connector);
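Review bot: the flush sits under `err_init_connector:` only, so any path that jumps straight to `err_encoder_init:` reaches `kfree(intel_connector)` without it. That is fine if no async display power put can be queued before the encoder is initialised, but the comment should say so. The comment should also name the DP aux power put from the commit message rather than just "aync put" (typo for "async"), and the free of dig_port it refers to is not visible at this label.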
> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c
> index d1a9a3cf94b5..dfa1c44dc442 100644
> --- a/drivers/gpu/drm/i915/display/intel_ddi.c
> +++ b/drivers/gpu/drm/i915/display/intel_ddi.c
> @@ -4971,6 +4971,8 @@ void intel_ddi_init(struct drm_i915_private *dev_priv, enum port port)
>  	return;
>  
>  err:
> +	/* aync put accesses the dig_port, ensure it's done before free */
> +	intel_display_power_flush_work(dev_priv);
>  	drm_encoder_cleanup(&encoder->base);
>  	kfree(dig_port);
>  }
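Review bot: the comment above `intel_display_power_flush_work(dev_priv)` at `err:` is copied verbatim from the g4x_dp.c hunk, typo included ("aync" should be "async"). Since the same two lines are now added in both files, consider a comment that names the DP aux power put and the icl_aux_pw_to_phy() use-after-free from the commit message, so the ordering requirement ahead of `kfree(dig_port)` survives the cleanup and unification of these paths that the patch notes call for.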

-- 
Jani Nikula, Intel Open Source Graphics Center

