From patchwork Fri Jun 10 09:28:54 2022
X-Patchwork-Submitter: Maxime Ripard
X-Patchwork-Id: 12877205
From: Maxime Ripard
To: Daniel Vetter, David Airlie, Maarten Lankhorst, Thomas Zimmermann, Maxime Ripard
Cc: dri-devel@lists.freedesktop.org
Subject: [PATCH 34/64] drm/vc4: hdmi: Switch to drmm_kzalloc
Date: Fri, 10 Jun 2022 11:28:54 +0200
Message-Id: <20220610092924.754942-35-maxime@cerno.tech>
In-Reply-To: <20220610092924.754942-1-maxime@cerno.tech>
References: <20220610092924.754942-1-maxime@cerno.tech>
List-Id: Direct Rendering Infrastructure - Development

Our internal structure that stores the DRM entities structure is allocated through a device-managed kzalloc. This means that this will eventually be freed whenever the device is removed.

In our case, the most likely source of removal is that the main device is going to be unbound, and component_unbind_all() is being run. However, it occurs while the DRM device is still registered, which will create dangling pointers, eventually resulting in use-after-free.

Switch to a DRM-managed allocation to keep our structure until the DRM driver doesn't need it anymore.

Signed-off-by: Maxime Ripard

--- drivers/gpu/drm/vc4/vc4_hdmi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c index 6aadb65eb640..eb8ff7b258d1 100644 --- a/drivers/gpu/drm/vc4/vc4_hdmi.c +++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -2833,9 +2833,10 @@ static int vc4_hdmi_bind(struct device *dev, struct device *master, void *data) struct device_node *ddc_node; int ret; - vc4_hdmi = devm_kzalloc(dev, sizeof(*vc4_hdmi), GFP_KERNEL); + vc4_hdmi = drmm_kzalloc(drm, sizeof(*vc4_hdmi), GFP_KERNEL); if (!vc4_hdmi) return -ENOMEM; + mutex_init(&vc4_hdmi->mutex); spin_lock_init(&vc4_hdmi->hw_lock); INIT_DELAYED_WORK(&vc4_hdmi->scrambling_work, vc4_hdmi_scrambling_wq);
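
Review bot: With the allocation moved to `drmm_kzalloc(drm, ...)`, the `mutex`, `hw_lock` and `scrambling_work` initialised directly below it now live in memory that outlives the unbind of `dev`, and the commit message does not say what keeps them from being used in that window. The structure stays valid until the DRM device no longer needs it, but any resource that is still managed through `dev` would be released at unbind, so a pending `scrambling_work` or a DRM callback that runs after unbind would operate on a valid structure whose backing resources are gone. Please confirm that the delayed work is cancelled on the unbind path, and that `drm` is assigned before this call, since its declaration lies outside the visible context of `vc4_hdmi_bind()`. The blank line added after `return -ENOMEM;` is an unrelated whitespace change; either drop it or mention it.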