From patchwork Fri Jun 10 09:29:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Ripard X-Patchwork-Id: 12877222 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 62F6AC433EF for ; Fri, 10 Jun 2022 09:31:13 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 02C8F12B563; Fri, 10 Jun 2022 09:31:09 +0000 (UTC) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) by gabe.freedesktop.org (Postfix) with ESMTPS id E620F11B30D for ; Fri, 10 Jun 2022 09:30:51 +0000 (UTC) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 46B2E5C0081; Fri, 10 Jun 2022 05:30:51 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Fri, 10 Jun 2022 05:30:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cerno.tech; h=cc :cc:content-transfer-encoding:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1654853451; x=1654939851; bh=lF mS8uy0BgvHMzEs2yghKwIjuJ5pKcTYfwxL1FLXKp8=; b=c4Um/bZZEqKan+Gljh yKo+S2U+1TsK1zpiUtTq+tP+hEmad2+oyxmW8yjTPyYiIp/LbZ3FfrRpLb10cuZc iQCnNv2STyq9/IDxGv1tuf+M1kv89Pf1lI2M1wR/kCePoS30YR1sJ8VpcigREZAR BBqdJuy7CuK0yalBLVVw/fAxFtgRW6wJIFdyiHD62LoTFuQtAaecmgHWcj+yvnpV 7Pb6BmWULuAeVUfebwGGRh0HjxquoL1EhBa1QNbX32X/Cw7tg83fXjGy4rgvmG6n LMMD9dbHeZRGfdAEW06VE63u4NwNW8clpJ/mMUQDUnGkW7iRvNKuuyctEvimhnVE Lfjw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1654853451; x=1654939851; bh=lFmS8uy0BgvHM zEs2yghKwIjuJ5pKcTYfwxL1FLXKp8=; b=kMSS4L3+lOrcdzcd+ufFw6OCiGKD/ JP690lYeb7yYr08MeeJ8JQ9r2jzaXSVJDrcOz37DTuKyt8ICNpPkKExlyReERW6F UYtglshIiiK+/3dTij9+P7NS+IIwGS1/PhNepojXRNUosifJwg7e6UVJX/+BJy3N 1VeSUmHgzX3AvxYOT5DBGejWtKzuFaUYyYTMCCCVd2e6Sms67OyPNxoSNYqcYqqC e0wAe0R2ezNbPRIEqgCFLb2r9Nmy5mDo2l1LKp13YQA8nZvo38Z31UDK22fLIVaB LfPp/sdkwRIBAjJB/6VJEQhxeUzSEZNQ8v7T/DUfkRXW33rwvRANkZqZA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudduuddgudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepofgrgihi mhgvucftihhprghrugcuoehmrgigihhmvgestggvrhhnohdrthgvtghhqeenucggtffrrg htthgvrhhnpeelkeefteduhfekjeeihfetudfguedvveekkeetteekhfekhfdtlefgfedu vdejhfenucevlhhushhtvghrufhiiigvpedufeenucfrrghrrghmpehmrghilhhfrhhomh epmhgrgihimhgvsegtvghrnhhordhtvggthh X-ME-Proxy: Feedback-ID: i8771445c:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 10 Jun 2022 05:30:50 -0400 (EDT) From: Maxime Ripard To: Daniel Vetter , David Airlie , Maarten Lankhorst , Thomas Zimmermann , Maxime Ripard Subject: [PATCH 47/64] drm/vc4: txp: Switch to drmm_kzalloc Date: Fri, 10 Jun 2022 11:29:07 +0200 Message-Id: <20220610092924.754942-48-maxime@cerno.tech> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220610092924.754942-1-maxime@cerno.tech> References: <20220610092924.754942-1-maxime@cerno.tech> MIME-Version: 1.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dri-devel@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Our internal structure that stores the DRM entities structure is allocated through a device-managed kzalloc. This means that this will eventually be freed whenever the device is removed. In our case, the most like source of removal is that the main device is going to be unbound, and component_unbind_all() is being run. However, it occurs while the DRM device is still registered, which will create dangling pointers, eventually resulting in use-after-free. Switch to a DRM-managed allocation to keep our structure until the DRM driver doesn't need it anymore. Signed-off-by: Maxime Ripard Acked-by: Thomas Zimmermann --- drivers/gpu/drm/vc4/vc4_txp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c index 51ac01838093..6a16b2798724 100644 --- a/drivers/gpu/drm/vc4/vc4_txp.c +++ b/drivers/gpu/drm/vc4/vc4_txp.c @@ -477,7 +477,7 @@ static int vc4_txp_bind(struct device *dev, struct device *master, void *data) if (irq < 0) return irq; - txp = devm_kzalloc(dev, sizeof(*txp), GFP_KERNEL); + txp = drmm_kzalloc(drm, sizeof(*txp), GFP_KERNEL); if (!txp) return -ENOMEM; vc4_crtc = &txp->base;