Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp30284ybj; Wed, 6 May 2020 10:50:45 -0700 (PDT) X-Google-Smtp-Source: APiQypJaJwSzt7Y5yH88ywf9MeY7MFPjg1qmykr4Iv2kP6SfD7aIngpz+p1ISDX0bLVN9x1TdlW6 X-Received: by 2002:a17:907:9e5:: with SMTP id ce5mr8300024ejc.123.1588787445068; Wed, 06 May 2020 10:50:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588787445; cv=none; d=google.com; s=arc-20160816; b=w9LJlOmktTaKncmoEIWdJObNsj3vzAfSctU/doEYtQ4lAm9dXZotlFA9QDfbpB2CLs O0qVjjOjxhKakqfSI3alJr004rqre5r9J/okjEZ+f0CBsbPgzQAgkibaSx0ugcy4oYn0 +kFiGxo3OJhvxr4ALEWObi+YCs4c8UV8uXvhdQG2tfExLujdFCN0P29RdstYyQMlfjFv pDSbkL5iEhz+CVkeSkt4d7WBAVOYAYo1IW7k62EYKeBcQ7AXhQSpeDsH6sUhhYi21bx/ iwodQzZMvPicpZngLrA5y4OFm10RGfs7aioHhnIcCIrtnCAeIkr4FqrX3ncIDtMajQ5R KSkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=DdexGdjI6/zLpEOucixOuWMGizJOOlYZl9QRJGJK/Fw=; b=DauHKlbAotJ0UN6or1DiKzAnzAOkWIb9275dwgjO3QxQprYPFsWxGfLHRRv9TrIkAp FaFv0IOoJCY2lvcJ67A6siFKpRmVf2WpZsvHEkY85lxFOyptUs8PVMPpcpXMC/WcRY0I Cz89kQzd9qJreL3GyUFfnRpbVWJnvaECjTug1fZGiqyGp/Wak7ej7Z9jhlnLkab1iimo EHEIc+36evvfARDKAq7n7hTeka5SVmlxq5xefvrxrudmxWtmnSBof1VkGrDi+VpZS+YF 0fZlWmWUS8JAq1P8dRHfldz1vHmqse4h+piiArCi4i0TB2yzwodPdoM3FRo2b2jMsEsy hHiw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c9si1406838edt.576.2020.05.06.10.50.21; Wed, 06 May 2020 10:50:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730015AbgEFRs4 (ORCPT + 99 others); Wed, 6 May 2020 13:48:56 -0400 Received: from asavdk4.altibox.net ([109.247.116.15]:38754 "EHLO asavdk4.altibox.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728807AbgEFRs4 (ORCPT ); Wed, 6 May 2020 13:48:56 -0400 Received: from ravnborg.org (unknown [158.248.194.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by asavdk4.altibox.net (Postfix) with ESMTPS id 5DBF280501; Wed, 6 May 2020 19:48:50 +0200 (CEST) Date: Wed, 6 May 2020 19:48:49 +0200 From: Sam Ravnborg To: Christophe JAILLET Cc: b.zolnierkie@samsung.com, gregkh@linuxfoundation.org, kstewart@linuxfoundation.org, tglx@linutronix.de, arnd@arndb.de, jani.nikula@intel.com, akpm@osdl.org, adaplas@pol.net, rpurdie@rpsys.net, linux-fbdev@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Subject: Re: [PATCH] video: fbdev: w100fb: Fix a potential double free. Message-ID: <20200506174849.GG19296@ravnborg.org> References: <20200427091945.57534-1-christophe.jaillet@wanadoo.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200427091945.57534-1-christophe.jaillet@wanadoo.fr> User-Agent: Mutt/1.10.1 (2018-07-13) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.3 cv=MOBOZvRl c=1 sm=1 tr=0 a=UWs3HLbX/2nnQ3s7vZ42gw==:117 a=UWs3HLbX/2nnQ3s7vZ42gw==:17 a=kj9zAlcOel0A:10 a=-sM3sDvmAAAA:8 a=p1g2r8j9AAAA:8 a=hD80L64hAAAA:8 a=VwQbUJbxAAAA:8 a=e5mUnYsNAAAA:8 a=0rnci6YRAtboiwCnBc0A:9 a=CjuIK1q_8ugA:10 a=LUHx1oGsa4U61Z4w8267:22 a=GEd6vGEn79KL1p3bDQhq:22 a=AjGcO6oz07-iQ99wixmX:22 a=Vxmtnl_E_bksehYqCbjh:22 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Christophe On Mon, Apr 27, 2020 at 11:19:45AM +0200, Christophe JAILLET wrote: > Some memory is vmalloc'ed in the 'suspend' function and freed in the > 'resume' function. > However, it is also freed in the remove function. > > In order to avoid a potential double free, set the corresponding pointer > to NULL once freed in the 'resume' function. The changelog talks about a suspend and a resume function. But the code has a w100fb_save_vidmem() and a w100fb_restore_vidmem() functions. > > Fixes: aac51f09d96a ("[PATCH] w100fb: Rewrite for platform independence") This "Fixes" should be followed by: Cc: Richard Purdie Cc: Antonino Daplas Cc: Bartlomiej Zolnierkiewicz Cc: # v2.6.14+ This is the output of "dim fixes" - that does some magic to provide the above list. I filtered a few candidates out that should not be there. Please fix both issues and resend. Thanks, Sam > Signed-off-by: Christophe JAILLET > --- > drivers/video/fbdev/w100fb.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/video/fbdev/w100fb.c b/drivers/video/fbdev/w100fb.c > index 2d6e2738b792..d96ab28f8ce4 100644 > --- a/drivers/video/fbdev/w100fb.c > +++ b/drivers/video/fbdev/w100fb.c > @@ -588,6 +588,7 @@ static void w100fb_restore_vidmem(struct w100fb_par *par) > memsize=par->mach->mem->size; > memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_extmem, memsize); > vfree(par->saved_extmem); > + par->saved_extmem = NULL; > } > if (par->saved_intmem) { > memsize=MEM_INT_SIZE; > @@ -596,6 +597,7 @@ static void w100fb_restore_vidmem(struct w100fb_par *par) > else > memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_intmem, memsize); > vfree(par->saved_intmem); > + par->saved_intmem = NULL; > } > } > > -- > 2.25.1 > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel