References: <20221104092931.20226-1-tanglongjun@kylinos.cn>
In-Reply-To: <20221104092931.20226-1-tanglongjun@kylinos.cn>
From: Alex Deucher
Date: Tue, 8 Nov 2022 11:03:59 -0500
Subject: Re: [PATCH v1] drm/amd/display: Have risk for memory exhaustion
To: LongJun Tang
Cc: alexander.deucher@amd.com, Rodrigo.Siqueira@amd.com, harry.wentland@amd.com, aurabindo.pillai@amd.com, linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, lange_tang@163.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 4, 2022 at 10:06 AM LongJun Tang wrote:
>
> In dcn*_clock_source_create when dcn*_clk_src_construct fails allocated
> clk_src needs release. A local attack could use this to cause memory
> exhaustion.
> > Signed-off-by: LongJun Tang Applied. Thanks! Alex > --- > drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn302/dcn302_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 1 + > drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c | 1 + > 8 files changed, 8 insertions(+) > > diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c > index 020f512e9690..9b7e786bd4a2 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_resource.c > @@ -1323,6 +1323,7 @@ static struct clock_source *dcn30_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c b/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c > index f04595b750ab..7c1225046544 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c > @@ -1288,6 +1288,7 @@ static struct clock_source *dcn301_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn302/dcn302_resource.c b/drivers/gpu/drm/amd/display/dc/dcn302/dcn302_resource.c > index b925b6ddde5a..73ae1146dad5 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn302/dcn302_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn302/dcn302_resource.c 
> @@ -458,6 +458,7 @@ static struct clock_source *dcn302_clock_source_create(struct dc_context *ctx, s > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c b/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c > index 527d5c902878..0ea97eeec5a6 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c > @@ -425,6 +425,7 @@ static struct clock_source *dcn303_clock_source_create(struct dc_context *ctx, s > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c > index fddc21a5a04c..b02aa8874efb 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c > @@ -1625,6 +1625,7 @@ static struct clock_source *dcn31_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c b/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c > index 58746c437554..b2ff29e5f93c 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn315/dcn315_resource.c > @@ -1623,6 +1623,7 @@ static struct clock_source *dcn31_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c > index a88dd7b3d1c1..71730b6666b0 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c 
> @@ -829,6 +829,7 @@ static struct clock_source *dcn32_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > diff --git a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c > index 61087f2385a9..d3980fc243c9 100644 > --- a/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c > +++ b/drivers/gpu/drm/amd/display/dc/dcn321/dcn321_resource.c > @@ -828,6 +828,7 @@ static struct clock_source *dcn321_clock_source_create( > return &clk_src->base; > } > > + kfree(clk_src); > BREAK_TO_DEBUGGER(); > return NULL; > } > -- > 2.17.1 > > > No virus found > Checked by Hillstone Network AntiVirus
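
Review bot: the subject "Have risk for memory exhaustion" and the changelog do not say what the patch changes, and the trailer block carries only Signed-off-by. A subject that names the fix (a kfree(clk_src) on the failure path of dcn*_clock_source_create) and a Fixes: tag for the commit that introduced the leak would make the change easier to find in the log and to backport.

Review bot: in the dcn315_resource.c hunk the @@ header shows the enclosing function as dcn31_clock_source_create, while the other seven files name the function after their own directory (dcn30_, dcn301_, dcn302_, dcn303_, dcn31_, dcn32_, dcn321_). The added kfree(clk_src) is the same as elsewhere, but the changelog's "dcn*_clock_source_create" wording hides that mismatch; mention it, or rename the function in a separate cleanup.

Review bot: every hunk adds kfree(clk_src) on the fall-through after "return &clk_src->base;", but the three context lines do not show the allocation or what dcn*_clk_src_construct does before it fails. The changelog should state that the construct helper keeps no reference to clk_src on failure, so that the free cannot leave a dangling pointer, and should say whether the eight files in the diffstat are the only resource files with this pattern.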