| Message ID | 1395026886-14325-1-git-send-email-djkurtz@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Applied. Thanks, Inki Dae 2014-03-17 12:28 GMT+09:00 Daniel Kurtz <djkurtz@chromium.org>: > The following commit [0] fixed a use-after-free, but left the subdrv open > in the error path. > > [0] commit 6ca605f7c70895a35737435f17ae9cc5e36f1466 > drm/exynos: Fix freeing issues in exynos_drm_drv.c > > Change-Id: I452e944bf090fb11434d9e34213c890c41c15d73 > Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> > --- > drivers/gpu/drm/exynos/exynos_drm_drv.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c b/drivers/gpu/drm/exynos/exynos_drm_drv.c > index 215131a..c204b4e 100644 > --- a/drivers/gpu/drm/exynos/exynos_drm_drv.c > +++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c > @@ -172,20 +172,24 @@ static int exynos_drm_open(struct drm_device *dev, struct drm_file *file) > > ret = exynos_drm_subdrv_open(dev, file); > if (ret) > - goto out; > + goto err_file_priv_free; > > anon_filp = anon_inode_getfile("exynos_gem", &exynos_drm_gem_fops, > NULL, 0); > if (IS_ERR(anon_filp)) { > ret = PTR_ERR(anon_filp); > - goto out; > + goto err_subdrv_close; > } > > anon_filp->f_mode = FMODE_READ | FMODE_WRITE; > file_priv->anon_filp = anon_filp; > > return ret; > -out: > + > +err_subdrv_close: > + exynos_drm_subdrv_close(dev, file); > + > +err_file_priv_free: > kfree(file_priv); > file->driver_priv = NULL; > return ret; > -- > 1.9.0.279.gdc9e3eb > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/dri-devel
Inki Dae wrote: > > Applied. > > Thanks, > Inki Dae > > 2014-03-17 12:28 GMT+09:00 Daniel Kurtz <djkurtz@chromium.org>: > > The following commit [0] fixed a use-after-free, but left the subdrv > open > > in the error path. > > > > [0] commit 6ca605f7c70895a35737435f17ae9cc5e36f1466 > > drm/exynos: Fix freeing issues in exynos_drm_drv.c > > > > Change-Id: I452e944bf090fb11434d9e34213c890c41c15d73 This should be removed when Inki apply this. Thanks, Kukjin > > Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> > > --- > > drivers/gpu/drm/exynos/exynos_drm_drv.c | 10 +++++++--- > > 1 file changed, 7 insertions(+), 3 deletions(-)
2014-03-18 14:45 GMT+09:00 Kukjin Kim <kgene.kim@samsung.com>: > Inki Dae wrote: >> >> Applied. >> >> Thanks, >> Inki Dae >> >> 2014-03-17 12:28 GMT+09:00 Daniel Kurtz <djkurtz@chromium.org>: >> > The following commit [0] fixed a use-after-free, but left the subdrv >> open >> > in the error path. >> > >> > [0] commit 6ca605f7c70895a35737435f17ae9cc5e36f1466 >> > drm/exynos: Fix freeing issues in exynos_drm_drv.c >> > >> > Change-Id: I452e944bf090fb11434d9e34213c890c41c15d73 > > This should be removed when Inki apply this. > No, Daniel's patch just complements above previous one that is what I missed. Thanks, Inki Dae > Thanks, > Kukjin > >> > Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> >> > --- >> > drivers/gpu/drm/exynos/exynos_drm_drv.c | 10 +++++++--- >> > 1 file changed, 7 insertions(+), 3 deletions(-) > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
On Tue, Mar 18, 2014 at 2:08 PM, Inki Dae <inki.dae@samsung.com> wrote: > 2014-03-18 14:45 GMT+09:00 Kukjin Kim <kgene.kim@samsung.com>: >> Inki Dae wrote: >>> >>> Applied. >>> >>> Thanks, >>> Inki Dae >>> >>> 2014-03-17 12:28 GMT+09:00 Daniel Kurtz <djkurtz@chromium.org>: >>> > The following commit [0] fixed a use-after-free, but left the subdrv >>> open >>> > in the error path. >>> > >>> > [0] commit 6ca605f7c70895a35737435f17ae9cc5e36f1466 >>> > drm/exynos: Fix freeing issues in exynos_drm_drv.c >>> > >>> > Change-Id: I452e944bf090fb11434d9e34213c890c41c15d73 >> >> This should be removed when Inki apply this. >> > > No, Daniel's patch just complements above previous one that is what I missed. > Inki, Ah, sorry for the original double post. The first one (with the "Change-Id") went out too soon, and I forgot to ask for it to be ignored. Hopefully you picked up the second patch with the corrected commit message. Thanks, Daniel > Thanks, > Inki Dae > >> Thanks, >> Kukjin >> >>> > Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> >>> > --- >>> > drivers/gpu/drm/exynos/exynos_drm_drv.c | 10 +++++++--- >>> > 1 file changed, 7 insertions(+), 3 deletions(-) >> >> >> _______________________________________________ >> linux-arm-kernel mailing list >> linux-arm-kernel@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c b/drivers/gpu/drm/exynos/exynos_drm_drv.c index 215131a..c204b4e 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_drv.c +++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c @@ -172,20 +172,24 @@ static int exynos_drm_open(struct drm_device *dev, struct drm_file *file) ret = exynos_drm_subdrv_open(dev, file); if (ret) - goto out; + goto err_file_priv_free; anon_filp = anon_inode_getfile("exynos_gem", &exynos_drm_gem_fops, NULL, 0); if (IS_ERR(anon_filp)) { ret = PTR_ERR(anon_filp); - goto out; + goto err_subdrv_close; } anon_filp->f_mode = FMODE_READ | FMODE_WRITE; file_priv->anon_filp = anon_filp; return ret; -out: + +err_subdrv_close: + exynos_drm_subdrv_close(dev, file); + +err_file_priv_free: kfree(file_priv); file->driver_priv = NULL; return ret;
The following commit [0] fixed a use-after-free, but left the subdrv open in the error path. [0] commit 6ca605f7c70895a35737435f17ae9cc5e36f1466 drm/exynos: Fix freeing issues in exynos_drm_drv.c Change-Id: I452e944bf090fb11434d9e34213c890c41c15d73 Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> --- drivers/gpu/drm/exynos/exynos_drm_drv.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)