Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3086627img; Mon, 25 Mar 2019 03:33:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxBg8vK03Yz4Y9hqQWANuIwhsJX+cSn5q44Il0wm2v4ohTfQSPJ2tP0JDy/0IE7/UuSIXRc X-Received: by 2002:a65:5343:: with SMTP id w3mr5828667pgr.232.1553510027583; Mon, 25 Mar 2019 03:33:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553510027; cv=none; d=google.com; s=arc-20160816; b=0Ya4zZMOGwZGIsATjLT+rk488C2LF8h/hFSaWxXNPUS5v3rys3NutwGfvNIAudh0kH ZJkn2sXYb6Fp/amuZb4beL/bu0P5tG77v1AsQtVzqfGyUGUzvSMB0/M7tHBNsKczf0Cy EJnE7/KqzCYmTQU2SZmwB1hbZ1v4OXftlm+JAJY6m02Rs45Ky4/sC/JD9c56xRUz2nCa jKAWbqKgOjqSEaciaoayzTfakbKLByTVpKEMoJgbTwfGK8vHGfBWd9n7seV9PyX2+9ts G1S1pRxjpJYGsAjm/woGEGNCXZtr8W/L56hesilCkI6UYXRyGJG3z4YZGEp0gGymb2Tp w4CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=6/dLgRAi73ERd8eOFxUqqQHaXFfMKKm1aB2K6CbqVC4=; b=M13P5wEdYwUkN9wuQcrkQrGGFDIxQugLAJnEIkQLtzQQbfypyqJdN7O8BbT7n3EgNL TEKkcjJod5mCUbQAbqAK9EdLc1JEOiEzb5bVAqmlN8s23W7Y0W4kGAeaxcTsuT4LPUgL iB4ji8VlSnBTOlu3+/Kj+z18rbu1xD8za24O6wsK2iAXuAmEspWlC9H99W0wzVlke5MJ VN/vV4+mq7PB9nBdWWMf5naquATJWgMaEOWjeHdn62IMNzbGNcfdci3bTS+q0nKULcpx ZefbVOp5RIsjLMry6EO0A7teCTVwCMKMDQMFdiVDDafnWGzV+KZmU2KpCwqLQ0P2Cg8D FQ+Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p6si13834227plo.4.2019.03.25.03.33.32; Mon, 25 Mar 2019 03:33:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730715AbfCYKcy (ORCPT + 99 others); Mon, 25 Mar 2019 06:32:54 -0400 Received: from mail.netline.ch ([148.251.143.178]:59041 "EHLO netline-mail3.netline.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730491AbfCYKcx (ORCPT ); Mon, 25 Mar 2019 06:32:53 -0400 Received: from localhost (localhost [127.0.0.1]) by netline-mail3.netline.ch (Postfix) with ESMTP id 9FA2E2A6059; Mon, 25 Mar 2019 11:32:50 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at netline-mail3.netline.ch Received: from netline-mail3.netline.ch ([127.0.0.1]) by localhost (netline-mail3.netline.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Xu6BH_Qdarew; Mon, 25 Mar 2019 11:32:50 +0100 (CET) Received: from thor (116.245.63.188.dynamic.wline.res.cust.swisscom.ch [188.63.245.116]) by netline-mail3.netline.ch (Postfix) with ESMTPSA id 94B2E2A6058; Mon, 25 Mar 2019 11:32:49 +0100 (CET) Received: from [::1] by thor with esmtp (Exim 4.92) (envelope-from ) id 1h8MuP-0002tK-0W; Mon, 25 Mar 2019 11:32:49 +0100 Subject: Re: [PATCH] gpu: radeon: fix a potential NULL-pointer dereference To: Kangjie Lu Cc: David Airlie , linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Daniel Vetter , pakki001@umn.edu, Alex Deucher , =?UTF-8?Q?Christian_K=c3=b6nig?= References: <20190323022955.14326-1-kjlu@umn.edu> From: =?UTF-8?Q?Michel_D=c3=a4nzer?= Openpgp: preference=signencrypt Autocrypt: addr=michel@daenzer.net; prefer-encrypt=mutual; keydata= mQGiBDsehS8RBACbsIQEX31aYSIuEKxEnEX82ezMR8z3LG8ktv1KjyNErUX9Pt7AUC7W3W0b LUhu8Le8S2va6hi7GfSAifl0ih3k6Bv1Itzgnd+7ZmSrvCN8yGJaHNQfAevAuEboIb+MaVHo 9EMJj4ikOcRZCmQWw7evu/D9uQdtkCnRY9iJiAGxbwCguBHtpoGMxDOINCr5UU6qt+m4O+UD /355ohBBzzyh49lTj0kTFKr0Ozd20G2FbcqHgfFL1dc1MPyigej2gLga2osu2QY0ObvAGkOu WBi3LTY8Zs8uqFGDC4ZAwMPoFy3yzu3ne6T7d/68rJil0QcdQjzzHi6ekqHuhst4a+/+D23h Za8MJBEcdOhRhsaDVGAJSFEQB1qLBACOs0xN+XblejO35gsDSVVk8s+FUUw3TSWJBfZa3Imp V2U2tBO4qck+wqbHNfdnU/crrsHahjzBjvk8Up7VoY8oT+z03sal2vXEonS279xN2B92Tttr AgwosujguFO/7tvzymWC76rDEwue8TsADE11ErjwaBTs8ZXfnN/uAANgPLQjTWljaGVsIERh ZW56ZXIgPG1pY2hlbEBkYWVuemVyLm5ldD6IXgQTEQIAHgUCQFXxJgIbAwYLCQgHAwIDFQID AxYCAQIeAQIXgAAKCRBaga+OatuyAIrPAJ9ykonXI3oQcX83N2qzCEStLNW47gCeLWm/QiPY jqtGUnnSbyuTQfIySkK5AQ0EOx6FRRAEAJZkcvklPwJCgNiw37p0GShKmFGGqf/a3xZZEpjI qNxzshFRFneZze4f5LhzbX1/vIm5+ZXsEWympJfZzyCmYPw86QcFxyZflkAxHx9LeD+89Elx bw6wT0CcLvSv8ROfU1m8YhGbV6g2zWyLD0/naQGVb8e4FhVKGNY2EEbHgFBrAAMGA/0VktFO CxFBdzLQ17RCTwCJ3xpyP4qsLJH0yCoA26rH2zE2RzByhrTFTYZzbFEid3ddGiHOBEL+bO+2 GNtfiYKmbTkj1tMZJ8L6huKONaVrASFzLvZa2dlc2zja9ZSksKmge5BOTKWgbyepEc5qxSju YsYrX5xfLgTZC5abhhztpYhGBBgRAgAGBQI7HoVFAAoJEFqBr45q27IAlscAn2Ufk2d6/3p4 Cuyz/NX7KpL2dQ8WAJ9UD5JEakhfofed8PSqOM7jOO3LCA== Message-ID: <0fc81efe-186b-3207-e0d0-b0bb95626069@daenzer.net> Date: Mon, 25 Mar 2019 11:32:48 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: <20190323022955.14326-1-kjlu@umn.edu> Content-Type: text/plain; charset=utf-8 Content-Language: en-CA Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Kangjie, thanks for your patch. On 2019-03-23 3:29 a.m., Kangjie Lu wrote: > In case alloc_workqueue fails, the fix frees memory and > returns to avoid potential NULL pointer dereference. > > Signed-off-by: Kangjie Lu > --- > drivers/gpu/drm/radeon/radeon_display.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c > index aa898c699101..a31305755a77 100644 > --- a/drivers/gpu/drm/radeon/radeon_display.c > +++ b/drivers/gpu/drm/radeon/radeon_display.c > @@ -678,6 +678,11 @@ static void radeon_crtc_init(struct drm_device *dev, int index) > drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256); > radeon_crtc->crtc_id = index; > radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0); > + if (!radeon_crtc->flip_queue) { > + DRM_ERROR("failed to allocate the flip queue\n"); > + kfree(radeon_crtc); This would leak some memory referenced by struct drm_crtc. To solve this, I suggest calling radeon_crtc_destroy here and making that cope with radeon_crtc->flip_queue being NULL. Also, I'm not sure all driver code can handle some CRTCs not initializing. Given that, and as alloc_workqueue presumably only fails if the system is essentially out of memory anyway, it's probably better for radeon_crtc_init to return -ENOMEM in this case and for radeon_modeset_init to propagate that, which will prevent the driver as a whole from initializing. -- Earthling Michel Dänzer | https://www.amd.com Libre software enthusiast | Mesa and X developer