| Message ID | 20230711092203.68157-2-jfalempe@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Two memory leak fixes in drm_client_modeset.c | expand |
Jocelyn Falempe <jfalempe@redhat.com> writes: Hello Jocelyn, > dmt_mode is allocated and never freed in this function. > It was found with the ast driver, but most drivers using generic fbdev > setup are probably affected. > > This fixes the following kmemleak report: > backtrace: > [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] > [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] > [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] > [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] > [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] > [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] > [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] > [<00000000987f19bb>] local_pci_probe+0xdc/0x180 > [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 > [<0000000000b85301>] process_one_work+0x8b7/0x1540 > [<000000003375b17c>] worker_thread+0x70a/0xed0 > [<00000000b0d43cd9>] kthread+0x29f/0x340 > [<000000008d770833>] ret_from_fork+0x1f/0x30 > unreferenced object 0xff11000333089a00 (size 128): > > cc: <stable@vger.kernel.org> > Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon") > Reported-by: Zhang Yi <yizhan@redhat.com> > Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com> > --- The patch looks good to me. Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Am 11.07.23 um 11:20 schrieb Jocelyn Falempe: > dmt_mode is allocated and never freed in this function. > It was found with the ast driver, but most drivers using generic fbdev > setup are probably affected. > > This fixes the following kmemleak report: > backtrace: > [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] > [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] > [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] > [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] > [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] > [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] > [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] > [<00000000987f19bb>] local_pci_probe+0xdc/0x180 > [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 > [<0000000000b85301>] process_one_work+0x8b7/0x1540 > [<000000003375b17c>] worker_thread+0x70a/0xed0 > [<00000000b0d43cd9>] kthread+0x29f/0x340 > [<000000008d770833>] ret_from_fork+0x1f/0x30 > unreferenced object 0xff11000333089a00 (size 128): > > cc: <stable@vger.kernel.org> > Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon") > Reported-by: Zhang Yi <yizhan@redhat.com> > Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com> Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de> > --- > drivers/gpu/drm/drm_client_modeset.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c > index 1b12a3c201a3..a4a62aa99984 100644 > --- a/drivers/gpu/drm/drm_client_modeset.c > +++ b/drivers/gpu/drm/drm_client_modeset.c > @@ -311,6 +311,9 @@ static bool drm_client_target_cloned(struct drm_device *dev, > can_clone = true; > dmt_mode = drm_mode_find_dmt(dev, 1024, 768, 60, false); > > + if (!dmt_mode) > + goto fail; > + > for (i = 0; i < connector_count; i++) { > if (!enabled[i]) > continue; > @@ -326,11 +329,13 @@ static bool drm_client_target_cloned(struct drm_device *dev, > if (!modes[i]) > can_clone = false; > } > + kfree(dmt_mode); > > if (can_clone) { > DRM_DEBUG_KMS("can clone using 1024x768\n"); > return true; > } > +fail: > DRM_INFO("kms: can't enable cloning when we probably wanted to.\n"); > return false; > }
diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 1b12a3c201a3..a4a62aa99984 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -311,6 +311,9 @@ static bool drm_client_target_cloned(struct drm_device *dev, can_clone = true; dmt_mode = drm_mode_find_dmt(dev, 1024, 768, 60, false); + if (!dmt_mode) + goto fail; + for (i = 0; i < connector_count; i++) { if (!enabled[i]) continue; @@ -326,11 +329,13 @@ static bool drm_client_target_cloned(struct drm_device *dev, if (!modes[i]) can_clone = false; } + kfree(dmt_mode); if (can_clone) { DRM_DEBUG_KMS("can clone using 1024x768\n"); return true; } +fail: DRM_INFO("kms: can't enable cloning when we probably wanted to.\n"); return false; }
dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] [<00000000987f19bb>] local_pci_probe+0xdc/0x180 [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 [<0000000000b85301>] process_one_work+0x8b7/0x1540 [<000000003375b17c>] worker_thread+0x70a/0xed0 [<00000000b0d43cd9>] kthread+0x29f/0x340 [<000000008d770833>] ret_from_fork+0x1f/0x30 unreferenced object 0xff11000333089a00 (size 128): cc: <stable@vger.kernel.org> Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon") Reported-by: Zhang Yi <yizhan@redhat.com> Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com> --- drivers/gpu/drm/drm_client_modeset.c | 5 +++++ 1 file changed, 5 insertions(+)