Re: [PATCH] drm/plane: Move range check for format_count earlier

From: Steven Price
Date: Thu Apr 28 2022 - 07:58:09 EST

Next message: kernel test robot: "arch/h8300/kernel/signal.c:112:14: sparse: sparse: incorrect type in argument 1 (different address spaces)"
Previous message: Rex-BC Chen: "[PATCH V5 09/16] clk: mediatek: reset: Add new register reset function with device"
Next in thread: Liviu Dudau: "Re: [PATCH] drm/plane: Move range check for format_count earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/12/2021 13:08, Liviu Dudau wrote:
> On Fri, Dec 03, 2021 at 10:28:15AM +0000, Steven Price wrote:
>> While the check for format_count > 64 in __drm_universal_plane_init()
>> shouldn't be hit (it's a WARN_ON), in its current position it will then
>> leak the plane->format_types array and fail to call
>> drm_mode_object_unregister() leaking the modeset identifier. Move it to
>> the start of the function to avoid allocating those resources in the
>> first place.
>>
>> Signed-off-by: Steven Price <steven.price@xxxxxxx>
>
> Well spotted!
>
> Reviewed-by: Liviu Dudau <liviu.dudau@xxxxxxx>
>
> I'm going to wait to see if anyone else has any comments before I'll merge this into
> drm-misc-fixes (or should it be drm-misc-next-fixes?)

Gentle ping! I think we've probably waited long enough. Are you going to
merge this or would you like me to?

Thanks,

Steve

> Best regards,
> Liviu
>
>> ---
>> drivers/gpu/drm/drm_plane.c | 14 +++++++-------
>> 1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
>> index 82afb854141b..fd0bf90fb4c2 100644
>> --- a/drivers/gpu/drm/drm_plane.c
>> +++ b/drivers/gpu/drm/drm_plane.c
>> @@ -249,6 +249,13 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>> if (WARN_ON(config->num_total_plane >= 32))
>> return -EINVAL;
>>
>> + /*
>> + * First driver to need more than 64 formats needs to fix this. Each
>> + * format is encoded as a bit and the current code only supports a u64.
>> + */
>> + if (WARN_ON(format_count > 64))
>> + return -EINVAL;
>> +
>> WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
>> (!funcs->atomic_destroy_state ||
>> !funcs->atomic_duplicate_state));
>> @@ -270,13 +277,6 @@ static int __drm_universal_plane_init(struct drm_device *dev,
>> return -ENOMEM;
>> }
>>
>> - /*
>> - * First driver to need more than 64 formats needs to fix this. Each
>> - * format is encoded as a bit and the current code only supports a u64.
>> - */
>> - if (WARN_ON(format_count > 64))
>> - return -EINVAL;
>> -
>> if (format_modifiers) {
>> const uint64_t *temp_modifiers = format_modifiers;
>>
>> --
>> 2.25.1
>>
>

Next message: kernel test robot: "arch/h8300/kernel/signal.c:112:14: sparse: sparse: incorrect type in argument 1 (different address spaces)"
Previous message: Rex-BC Chen: "[PATCH V5 09/16] clk: mediatek: reset: Add new register reset function with device"
Next in thread: Liviu Dudau: "Re: [PATCH] drm/plane: Move range check for format_count earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]