From patchwork Fri Jun 10 09:29:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Ripard X-Patchwork-Id: 12877220 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C1213C43334 for ; Fri, 10 Jun 2022 09:31:10 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 2F63A12B0F1; Fri, 10 Jun 2022 09:31:08 +0000 (UTC) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) by gabe.freedesktop.org (Postfix) with ESMTPS id 5687D12B0E5 for ; Fri, 10 Jun 2022 09:31:00 +0000 (UTC) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B0AE15C00D7; Fri, 10 Jun 2022 05:30:59 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Fri, 10 Jun 2022 05:30:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cerno.tech; h=cc :cc:content-transfer-encoding:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1654853459; x=1654939859; bh=Jr yVdK8hSertYy2zcgFc5JMQAjkc6tLgxzwTwbh9SuU=; b=U9cczYl07qdOlrP0ht VDJdhemTchifTg3BX6/+WVnFLIrNBzZr+nCoOKpfpMnmSjdv56A+YW8Mw81OSytN dieWHh5cPEjEhAzsyZvNgPAZLLrpXfChPRYZqQpS0KdEF6iHEbBJY9gP+YfNF+bX 4j6zZtZsXoJUzA5rj/XAu2mnZCJsnWEplbQnATogl2D4c+qHtUzjaPzwuZlvyxlg BmNAUKKhbVmJEELOClWDK6K/aahrbCfCtM3Xg+A0+ffQVCwddZfXxXPtaETZLP5w ZjjabyiBDGWyDWdl/7jJWv/+o60wuomuGsGm3MEBq9LPOCuq8qv7qMCLZ35N/sij vbeA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1654853459; x=1654939859; bh=JryVdK8hSertY y2zcgFc5JMQAjkc6tLgxzwTwbh9SuU=; b=uCAWGMzKzxIp4TZIv2V6/LjxkTuQM +LF01Wl/BTjyOJ1fDS2M0RXZYLG73UyTXYb+FKyw/wAfpoRSSodUi57ZXexKrtVY /qTJBX8Hf3kW0a43o+cRPzmnmp3bu9VoFUAcV5bABETIIla05tRtWPAGvwlE62AD ZqbMahTosRPsdri/aD8iKd2QiUexFvz9Xf3t/qF6JSH702Q3fPGABhUi835KgV3v luaedw9JB0gXAHBfdxFKzs9o/d5rz/h5IosEDDywqcicdCowjMoB+3gvbSD95ooH Ay7pYEy04mGUioX3b1jUv3Zmp92Zy1sZj+0Stz7F2X3ziKQiqAK4AgL4Q== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudduuddgudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepofgrgihi mhgvucftihhprghrugcuoehmrgigihhmvgestggvrhhnohdrthgvtghhqeenucggtffrrg htthgvrhhnpeelkeefteduhfekjeeihfetudfguedvveekkeetteekhfekhfdtlefgfedu vdejhfenucevlhhushhtvghrufhiiigvpeduieenucfrrghrrghmpehmrghilhhfrhhomh epmhgrgihimhgvsegtvghrnhhordhtvggthh X-ME-Proxy: Feedback-ID: i8771445c:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 10 Jun 2022 05:30:59 -0400 (EDT) From: Maxime Ripard To: Daniel Vetter , David Airlie , Maarten Lankhorst , Thomas Zimmermann , Maxime Ripard Subject: [PATCH 52/64] drm/vc4: vec: Switch to drmm_kzalloc Date: Fri, 10 Jun 2022 11:29:12 +0200 Message-Id: <20220610092924.754942-53-maxime@cerno.tech> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220610092924.754942-1-maxime@cerno.tech> References: <20220610092924.754942-1-maxime@cerno.tech> MIME-Version: 1.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dri-devel@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Our internal structure that stores the DRM entities structure is allocated through a device-managed kzalloc. This means that this will eventually be freed whenever the device is removed. In our case, the most like source of removal is that the main device is going to be unbound, and component_unbind_all() is being run. However, it occurs while the DRM device is still registered, which will create dangling pointers, eventually resulting in use-after-free. Switch to a DRM-managed allocation to keep our structure until the DRM driver doesn't need it anymore. Signed-off-by: Maxime Ripard --- drivers/gpu/drm/vc4/vc4_vec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vc4/vc4_vec.c b/drivers/gpu/drm/vc4/vc4_vec.c index 2c96d5adcf49..a051b25337c0 100644 --- a/drivers/gpu/drm/vc4/vc4_vec.c +++ b/drivers/gpu/drm/vc4/vc4_vec.c @@ -509,7 +509,7 @@ static int vc4_vec_bind(struct device *dev, struct device *master, void *data) if (ret) return ret; - vec = devm_kzalloc(dev, sizeof(*vec), GFP_KERNEL); + vec = drmm_kzalloc(drm, sizeof(*vec), GFP_KERNEL); if (!vec) return -ENOMEM;