[PATCH] radeon: avoid double free in ci_dpm_init()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

There are several calls to ci_dpm_fini() in ci_dpm_init() when there
occur errors in functions like r600_parse_extended_power_table().
This is harmful as it can lead to double free situations: for
instance, r600_parse_extended_power_table() will call for
r600_free_extended_power_table() as will ci_dpm_fini(), both
of which will try to free resources.
Other drivers do not call *_dpm_fini functions from their
respective *_dpm_init calls - neither should cpm_dpm_init().

Fix this by removing extra calls to ci_dpm_fini().

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: cc8dbbb4f62a ("drm/radeon: add dpm support for CI dGPUs (v2)")
Cc: stable@xxxxxxxxxxxxxxx
Co-developed-by: Natalia Petrova <n.petrova@xxxxxxxxxx>
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@xxxxxxxxxx>

---
 drivers/gpu/drm/radeon/ci_dpm.c | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c
index 8ef25ab305ae..7b77d4c93f1d 100644
--- a/drivers/gpu/drm/radeon/ci_dpm.c
+++ b/drivers/gpu/drm/radeon/ci_dpm.c
@@ -5677,28 +5677,20 @@ int ci_dpm_init(struct radeon_device *rdev)
 	pi->pcie_lane_powersaving.min = 16;
 
 	ret = ci_get_vbios_boot_values(rdev, &pi->vbios_boot_state);
-	if (ret) {
-		ci_dpm_fini(rdev);
+	if (ret)
 		return ret;
-	}
 
 	ret = r600_get_platform_caps(rdev);
-	if (ret) {
-		ci_dpm_fini(rdev);
+	if (ret)
 		return ret;
-	}
 
 	ret = r600_parse_extended_power_table(rdev);
-	if (ret) {
-		ci_dpm_fini(rdev);
+	if (ret)
 		return ret;
-	}
 
 	ret = ci_parse_power_table(rdev);
-	if (ret) {
-		ci_dpm_fini(rdev);
+	if (ret)
 		return ret;
-	}
 
 	pi->dll_default_on = false;
 	pi->sram_end = SMC_RAM_END;
@@ -5749,10 +5741,8 @@ int ci_dpm_init(struct radeon_device *rdev)
 		kcalloc(4,
 			sizeof(struct radeon_clock_voltage_dependency_entry),
 			GFP_KERNEL);
-	if (!rdev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries) {
-		ci_dpm_fini(rdev);
+	if (!rdev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries)
 		return -ENOMEM;
-	}
 	rdev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.count = 4;
 	rdev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries[0].clk = 0;
 	rdev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries[0].v = 0;
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux