Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4092927img; Tue, 26 Mar 2019 02:53:20 -0700 (PDT) X-Google-Smtp-Source: APXvYqy5g+rG6BdpqrqRNt+6HNdgOmqsMDKY9DBmwZBdtwrUFEldQWNo3rf55onFdnJaAhcXY4dl X-Received: by 2002:aa7:91d7:: with SMTP id z23mr29264684pfa.137.1553594000780; Tue, 26 Mar 2019 02:53:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553594000; cv=none; d=google.com; s=arc-20160816; b=OUevPC3ypQKqGjaiZc+zErUY/AiCRwP6XG80FiRXXVEU2yOafJwm9W/mjhkZV+miwf jIAHEHc1I5JYbt+X82r3AyNUpDmlbWFmTDP4lK1qJ5kVApvQuCuKggxJOJH+rT1XgC88 1WV9Dm0toeTH7kmWZ6y9o/pxGtd1t8pGCHoZ8j0VorAHn6U5llNr5So/vPjE4otvwn7A /f7KcddebG/s+Zwqd17voI/bRIn9rE8koAKIS5sWoEUXQMklR2barYJdhq6iCR2UZvOo XpmNLyPSbD+ce8YzVAyxLTdoedP6td7kNFm/BoIYFgOKzW9fZHEHSbbgcNyDzGnFJkVi 9MtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=LJ4iEt3vT8PKWAJwB3A0mVtTOYYUGcDSSYwGInL1jbg=; b=0n4i/t9VoR99+zjOTXT40xcFKpX9FGHA22550jXH9iJNrmQKtLlFlu+s7MWKLY7NHs ozBtv1AnuLC2aboa1aqgjqwCJvDUhUAX6q8ULUrBaAhubnnBY/xVjYjInRiwfKJzcIkf nTU++oqa5H72mB9EjeXIh6SOIp8cotzJXKv3Ki4oRH+fHDOAtyCajekNdFSUq4p4nHD2 HSmVN/l8suzAf/A9drnL7P7dR/EOtbUPBvI6P9G9lA4rGDqI8b38CMKKoQCZ3vtEVxCB a7VTAA0N/FuNqGfWy92DLDcibDMKzXIZIKMNhxvggkSIPQuD9pVJ76B61Siph9qwS0W5 UGVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 22si603691pgd.540.2019.03.26.02.53.05; Tue, 26 Mar 2019 02:53:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730750AbfCZJvJ (ORCPT + 99 others); Tue, 26 Mar 2019 05:51:09 -0400 Received: from mail.netline.ch ([148.251.143.178]:39476 "EHLO netline-mail3.netline.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725776AbfCZJvJ (ORCPT ); Tue, 26 Mar 2019 05:51:09 -0400 Received: from localhost (localhost [127.0.0.1]) by netline-mail3.netline.ch (Postfix) with ESMTP id E90AE2A605A; Tue, 26 Mar 2019 10:51:05 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at netline-mail3.netline.ch Received: from netline-mail3.netline.ch ([127.0.0.1]) by localhost (netline-mail3.netline.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id UP0oX60E-7Qf; Tue, 26 Mar 2019 10:51:05 +0100 (CET) Received: from thor (116.245.63.188.dynamic.wline.res.cust.swisscom.ch [188.63.245.116]) by netline-mail3.netline.ch (Postfix) with ESMTPSA id 419B82A6053; Tue, 26 Mar 2019 10:51:05 +0100 (CET) Received: from [::1] by thor with esmtp (Exim 4.92) (envelope-from ) id 1h8ijY-0003Dy-M7; Tue, 26 Mar 2019 10:51:04 +0100 Subject: Re: [PATCH v2] gpu: radeon: fix a potential NULL-pointer dereference To: Kangjie Lu Cc: "David (ChunMing) Zhou" , David Airlie , linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Daniel Vetter , pakki001@umn.edu, Alex Deucher , =?UTF-8?Q?Christian_K=c3=b6nig?= References: <0fc81efe-186b-3207-e0d0-b0bb95626069@daenzer.net> <20190325210552.12797-1-kjlu@umn.edu> From: =?UTF-8?Q?Michel_D=c3=a4nzer?= Openpgp: preference=signencrypt Autocrypt: addr=michel@daenzer.net; prefer-encrypt=mutual; keydata= mQGiBDsehS8RBACbsIQEX31aYSIuEKxEnEX82ezMR8z3LG8ktv1KjyNErUX9Pt7AUC7W3W0b LUhu8Le8S2va6hi7GfSAifl0ih3k6Bv1Itzgnd+7ZmSrvCN8yGJaHNQfAevAuEboIb+MaVHo 9EMJj4ikOcRZCmQWw7evu/D9uQdtkCnRY9iJiAGxbwCguBHtpoGMxDOINCr5UU6qt+m4O+UD /355ohBBzzyh49lTj0kTFKr0Ozd20G2FbcqHgfFL1dc1MPyigej2gLga2osu2QY0ObvAGkOu WBi3LTY8Zs8uqFGDC4ZAwMPoFy3yzu3ne6T7d/68rJil0QcdQjzzHi6ekqHuhst4a+/+D23h Za8MJBEcdOhRhsaDVGAJSFEQB1qLBACOs0xN+XblejO35gsDSVVk8s+FUUw3TSWJBfZa3Imp V2U2tBO4qck+wqbHNfdnU/crrsHahjzBjvk8Up7VoY8oT+z03sal2vXEonS279xN2B92Tttr AgwosujguFO/7tvzymWC76rDEwue8TsADE11ErjwaBTs8ZXfnN/uAANgPLQjTWljaGVsIERh ZW56ZXIgPG1pY2hlbEBkYWVuemVyLm5ldD6IXgQTEQIAHgUCQFXxJgIbAwYLCQgHAwIDFQID AxYCAQIeAQIXgAAKCRBaga+OatuyAIrPAJ9ykonXI3oQcX83N2qzCEStLNW47gCeLWm/QiPY jqtGUnnSbyuTQfIySkK5AQ0EOx6FRRAEAJZkcvklPwJCgNiw37p0GShKmFGGqf/a3xZZEpjI qNxzshFRFneZze4f5LhzbX1/vIm5+ZXsEWympJfZzyCmYPw86QcFxyZflkAxHx9LeD+89Elx bw6wT0CcLvSv8ROfU1m8YhGbV6g2zWyLD0/naQGVb8e4FhVKGNY2EEbHgFBrAAMGA/0VktFO CxFBdzLQ17RCTwCJ3xpyP4qsLJH0yCoA26rH2zE2RzByhrTFTYZzbFEid3ddGiHOBEL+bO+2 GNtfiYKmbTkj1tMZJ8L6huKONaVrASFzLvZa2dlc2zja9ZSksKmge5BOTKWgbyepEc5qxSju YsYrX5xfLgTZC5abhhztpYhGBBgRAgAGBQI7HoVFAAoJEFqBr45q27IAlscAn2Ufk2d6/3p4 Cuyz/NX7KpL2dQ8WAJ9UD5JEakhfofed8PSqOM7jOO3LCA== Message-ID: Date: Tue, 26 Mar 2019 10:51:04 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: <20190325210552.12797-1-kjlu@umn.edu> Content-Type: text/plain; charset=utf-8 Content-Language: en-CA Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-03-25 10:05 p.m., Kangjie Lu wrote: > In case alloc_workqueue fails, the fix frees memory and > returns -ENOMEM to avoid potential NULL pointer dereference. > > Signed-off-by: Kangjie Lu > --- > v2: use radeon_crtc_destroy to properly clean up resources as > suggested by Michel Dänzer > > [...] > > @@ -671,13 +671,18 @@ static void radeon_crtc_init(struct drm_device *dev, int index) > > radeon_crtc = kzalloc(sizeof(struct radeon_crtc) + (RADEONFB_CONN_LIMIT * sizeof(struct drm_connector *)), GFP_KERNEL); > if (radeon_crtc == NULL) > - return; > + return -ENOMEM; > > drm_crtc_init(dev, &radeon_crtc->base, &radeon_crtc_funcs); > > drm_mode_crtc_set_gamma_size(&radeon_crtc->base, 256); > radeon_crtc->crtc_id = index; > radeon_crtc->flip_queue = alloc_workqueue("radeon-crtc", WQ_HIGHPRI, 0); > + if (!radeon_crtc->flip_queue) { > + DRM_ERROR("failed to allocate the flip queue\n"); > + radeon_crtc_destroy(&radeon_crtc->base); > + return -ENOMEM; > + } radeon_crtc_destroy currently unconditionally calls: destroy_workqueue(radeon_crtc->flip_queue); AFAICT destroy_workqueue will blow up if NULL is passed to it, so radeon_crtc_destroy needs to check for that. -- Earthling Michel Dänzer | https://www.amd.com Libre software enthusiast | Mesa and X developer