Re: [PATCH] drm: fix use of freed memory in drm_mode_setcrtc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 17/09/18 17:41, Ville Syrjälä wrote:
> On Mon, Sep 17, 2018 at 02:00:54PM +0300, Tomi Valkeinen wrote:
>> drm_mode_setcrtc() retries modesetting in case one of the functions it
>> calls returns -EDEADLK. connector_set, mode and fb are freed before
>> retrying, but they are not set to NULL. This can cause
>> drm_mode_setcrtc() to use those variables.
>>
>> For example: On the first try __drm_mode_set_config_internal() returns
>> -EDEADLK. connector_set, mode and fb are freed. Next retry starts, and
>> drm_modeset_lock_all_ctx() returns -EDEADLK, and we jump to 'out'. The
>> code will happily try to release all three again.
> 
> This thing uses lock_all() so I guess the EDEADLK must be coming from
> some private locks in the driver?

Yes, I've seen this cause issues only with Benoit's work-in-progress
omapdrm patches.

> Anyways, patch looks good so
> Reviewed-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>

Thanks!

 Tomi

-- 
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki.
Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux