AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
13e3d94110
linux_dsm_epyc7002/drivers/gpu/drm
History
Andrzej Pietrasiewicz 13e3d94110 drm: Don't free a struct never allocated by drm_gem_fb_init() 
drm_gem_fb_init() is passed the fb and never allocates it, so it should be
not the one freeing it. As it is now the second call to kfree() is possible
with the same fb. Coverity reported the following:

*** CID 1492613:  Memory - corruptions  (USE_AFTER_FREE)
/drivers/gpu/drm/drm_gem_framebuffer_helper.c: 230 in drm_gem_fb_create_with_funcs()
224     	fb = kzalloc(sizeof(*fb), GFP_KERNEL);
225     	if (!fb)
226     		return ERR_PTR(-ENOMEM);
227
228     	ret = drm_gem_fb_init_with_funcs(dev, fb, file, mode_cmd, funcs);
229     	if (ret) {
vvv     CID 1492613:  Memory - corruptions  (USE_AFTER_FREE)
vvv     Calling "kfree" frees pointer "fb" which has already been freed. [Note: The source code implementation of the function has been overridden by a user model.]
230     		kfree(fb);
231     		return ERR_PTR(ret);
232     	}
233
234     	return fb;
235     }

drm_gem_fb_init_with_funcs() calls drm_gem_fb_init()
drm_gem_fb_init() calls kfree(fb)

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1492613 ("Memory - corruptions")
Fixes: f2b816d78a ("drm/core: Allow drivers allocate a subclass of struct drm_framebuffer")
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20200415172024.24004-1-andrzej.p@collabora.com
2020-04-16 13:44:29 +02:00
..
amd drm/amd/amdgpu_dm/mst: Stop printing extra messages in dm_dp_add_mst_connector() 2020-04-03 16:51:51 -04:00
arc drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
arm drm/<drivers>: Use drmm_add_final_kfree 2020-03-26 15:26:52 +01:00
armada drm/<drivers>: Use drmm_add_final_kfree 2020-03-26 15:26:52 +01:00
aspeed
ast drm/ast: Set up fbdev after registering device; remove error checks 2020-04-08 16:24:23 +02:00
atmel-hlcdc drm/atmel-hlcdc: Use simple encoder 2020-04-02 14:16:44 +02:00
bochs drm/bochs: Drop explicit drm_mode_config_cleanup 2020-03-26 15:46:09 +01:00
bridge drm: bridge: adv7511: Extend list of audio sample rates 2020-04-14 10:19:54 +02:00
cirrus drm/cirrus: Fully embrace devm_ 2020-03-26 15:48:34 +01:00
etnaviv Merge remote-tracking branch 'drm/drm-next' into drm-misc-next 2020-03-26 15:11:04 +01:00
exynos drm/exynos: Use simple encoder 2020-04-02 14:16:44 +02:00
fsl-dcu drm/fsl-dcu: Use simple encoder 2020-04-02 14:16:44 +02:00
gma500 drm/gma500: Use simple encoder 2020-04-02 14:16:44 +02:00
hisilicon drm: kirin: Revert change to add register connect helper functions 2020-04-13 01:46:02 +00:00
i2c drm/i2c/tda998x: Use simple encoder 2020-04-02 14:16:44 +02:00
i810
i915 drm/dp_mst: Remove drm_dp_mst_has_audio() 2020-04-07 14:30:13 -04:00
imx drm/imx: Use simple encoder 2020-04-02 14:16:44 +02:00
ingenic drm/ingenic: Remove error check from fbdev setup 2020-04-08 16:24:44 +02:00
lib
lima drm/lima: Add optional devfreq and cooling device support 2020-03-28 16:29:46 +08:00
mcde drm/mcde: More devm_drm_dev_init 2020-03-26 16:05:12 +01:00
mediatek drm/mediatek: Remove error check from fbdev setup 2020-04-08 16:24:48 +02:00
meson drm/meson: Drop explicit drm_mode_config_cleanup call 2020-03-26 16:05:31 +01:00
mga
mgag200 drm/mgag200: Set up fbdev after registering device; remove error checks 2020-04-08 16:24:52 +02:00
msm drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
mxsfb
nouveau drm/nouveau/therm: convert to use i2c_new_client_device() 2020-03-28 22:48:17 +01:00
omapdrm drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
panel drm/panel: support for boe,tv105wum-nw0 dsi video mode panel 2020-04-08 22:19:22 +02:00
panfrost drm-misc-next for 5.7: 2020-03-12 12:42:56 +10:00
pl111 drm/pl111: Drop explicit drm_mode_config_cleanup call 2020-03-26 16:05:39 +01:00
qxl drm/qxl: Use correct notify port address when creating cursor ring 2020-03-31 16:48:00 +02:00
r128 drm: delete drm_pci.h 2020-04-03 17:11:41 +02:00
radeon drm: delete drm_pci.h 2020-04-03 17:11:41 +02:00
rcar-du drm/rcar-du: Use simple encoder 2020-04-02 14:16:45 +02:00
rockchip drm/rockchip: fix spelling mistake "modifer" -> "modifier" 2020-04-15 13:25:12 +02:00
savage
scheduler drm/sched: implement and export drm_sched_pick_best 2020-03-16 16:21:32 -04:00
selftests drm/modes: Make sure to parse valid rotation value from cmdline 2020-02-12 18:32:54 +01:00
shmobile drm/shmobile: Use simple encoder 2020-04-02 14:16:45 +02:00
sis
sti drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
stm drm/stm: Drop explicit drm_mode_config_cleanup call 2020-03-26 16:06:00 +01:00
sun4i drm/sun4i: tcon: Delete an error message in sun4i_tcon_init_irq() 2020-04-06 10:19:25 +02:00
tdfx
tegra drm/tegra: Use simple encoder 2020-04-02 14:16:45 +02:00
tidss drm/tidss: Use simple encoder 2020-04-02 14:16:45 +02:00
tilcdc drm/tilcdc: Set up fbdev after fully registering device 2020-04-08 16:24:56 +02:00
tiny drm/mipi-dbi: Drop explicit drm_mode_config_cleanup call 2020-03-26 16:09:10 +01:00
ttm drm/ttm: lock resv object during destruction 2020-04-01 09:02:45 +02:00
tve200
udl drm/udl: Remove error check from fbdev setup 2020-04-08 16:24:59 +02:00
v3d drm/v3d: Use drmm_add_final_kfree 2020-03-26 15:18:11 +01:00
vboxvideo drm/vboxvideo: Set up fbdev after registering device; remove error checks 2020-04-08 16:25:02 +02:00
vc4 drm/vc4: Use simple encoder 2020-04-02 14:16:45 +02:00
vgem drm: Garbage collect drm_dev_fini 2020-03-26 15:45:36 +01:00
via Merge branch 'akpm' (patches from Andrew) 2020-01-31 12:16:36 -08:00
virtio drm/virtio: make virtio_gpu_object_attach void 2020-04-03 12:01:37 +02:00
vkms drm/vkms: Use simple encoder 2020-04-02 14:16:46 +02:00
vmwgfx drm/vmwgfx: Use vmwgfx version 2.18 to signal SM5 compatibility 2020-03-23 22:48:57 +01:00
xen drm: Garbage collect drm_dev_fini 2020-03-26 15:45:36 +01:00
zte drm/zte: Use simple encoder 2020-04-02 14:16:46 +02:00
drm_agpsupport.c
drm_atomic_helper.c drm/bridge: Add the necessary bits to support bus format negotiation 2020-01-31 16:39:53 +01:00
drm_atomic_state_helper.c drm/atomic-helper: fix kerneldoc 2020-02-15 13:21:22 +01:00
drm_atomic_uapi.c
drm_atomic.c drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
drm_auth.c drm: error out with EBUSY when device has existing master 2020-03-30 12:20:41 +01:00
drm_blend.c drm: add docs about the IN_FORMATS plane property 2020-03-31 11:12:42 +02:00
drm_bridge_connector.c drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00
drm_bridge.c drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00
drm_bufs.c drm: delete drm_pci.h 2020-04-03 17:11:41 +02:00
drm_cache.c
drm_client_modeset.c Linux 5.6-rc5 2020-03-11 07:27:21 +10:00
drm_client.c drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
drm_color_mgmt.c
drm_connector.c drm/edid: Fix DispID tile parsing for override EDID 2020-03-18 17:52:36 +02:00
drm_context.c drm: context: Clean up documentation 2020-03-16 09:23:55 +01:00
drm_crtc_helper_internal.h
drm_crtc_helper.c drm: drop unused drm_crtc callback 2020-02-15 21:15:17 +01:00
drm_crtc_internal.h drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
drm_crtc.c
drm_damage_helper.c
drm_debugfs_crc.c drm/crc: Actually allow to change the crc source 2020-01-28 16:49:22 +01:00
drm_debugfs.c drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
drm_dma.c drm: delete drm_pci.h 2020-04-03 17:11:41 +02:00
drm_dp_aux_dev.c
drm_dp_cec.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c UAPI Changes: 2020-03-19 10:40:27 +10:00
drm_dp_mst_topology_internal.h
drm_dp_mst_topology.c drm/dp_mst: Print errors on ACT timeouts 2020-04-09 12:09:41 -04:00
drm_drv.c drm: Fix wrong kfree() in managed resource usage example 2020-04-02 13:04:57 +02:00
drm_dsc.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c drm/edid: Fix DispID tile parsing for override EDID 2020-03-18 17:52:36 +02:00
drm_encoder_slave.c
drm_encoder.c
drm_fb_cma_helper.c
drm_fb_helper.c drm/fb-helper: Remove return value from drm_fbdev_generic_setup() 2020-04-08 16:27:08 +02:00
drm_file.c drm: Nerf drm_global_mutex BKL for good drivers 2020-02-11 15:03:09 +01:00
drm_flip_work.c
drm_format_helper.c drm/format_helper: Dual licence the file in GPL 2 and MIT 2020-02-17 10:27:13 +01:00
drm_fourcc.c
drm_framebuffer.c drm: convert .debugfs_init() hook to return void. 2020-03-18 17:53:28 +01:00
drm_gem_cma_helper.c
drm_gem_framebuffer_helper.c drm: Don't free a struct never allocated by drm_gem_fb_init() 2020-04-16 13:44:29 +02:00
drm_gem_shmem_helper.c drm/shmem: drop pgprot_decrypted() 2020-03-02 07:13:19 +01:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c drm/vram-helpers: Merge code into a single file 2020-04-09 09:56:33 +02:00
drm_gem.c drm: Manage drm_gem_init with drmm_ 2020-03-26 15:38:09 +01:00
drm_hashtab.c
drm_hdcp.c drm/hdcp: optimizing the srm handling 2020-03-04 06:33:00 +05:30
drm_internal.h drm: Manage drm_vblank_cleanup with drmm_ 2020-03-26 15:38:17 +01:00
drm_ioc32.c
drm_ioctl.c drm: rework SET_MASTER and DROP_MASTER perm handling 2020-03-30 12:20:32 +01:00
drm_irq.c drm/irq: remove check on dev->dev_private 2020-02-11 18:39:47 +02:00
drm_kms_helper_common.c
drm_lease.c
drm_legacy_misc.c
drm_legacy.h
drm_lock.c drm: lock: Clean up documentation 2020-03-16 09:27:09 +01:00
drm_managed.c drm/managed: Fix off-by-one in warning 2020-03-30 21:42:23 +02:00
drm_memory.c
drm_mipi_dbi.c drm/mipi-dbi: Drop explicit drm_mode_config_cleanup call 2020-03-26 16:09:10 +01:00
drm_mipi_dsi.c
drm_mm.c drm/mm: revert "Break long searches in fragmented address spaces" 2020-03-31 14:47:51 +02:00
drm_mode_config.c drm: Manage drm_mode_config_init with drmm_ 2020-03-26 15:45:43 +01:00
drm_mode_object.c
drm_modes.c drm/modes: Make sure to parse valid rotation value from cmdline 2020-02-12 18:32:54 +01:00
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_panel_orientation_quirks.c
drm_panel.c
drm_pci.c drm: delete drm_pci.h 2020-04-03 17:11:41 +02:00
drm_plane_helper.c
drm_plane.c
drm_prime.c
drm_print.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_scatter.c drm: prevent a harmless integer overflow in drm_legacy_sg_alloc() 2020-02-29 00:16:12 +01:00
drm_scdc_helper.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c drm/simple-kms: Fix documentation for drm_simple_encoder_init() 2020-03-06 09:24:29 +01:00
drm_syncobj.c drm/syncobj: Add documentation for timeline syncobj 2020-01-20 14:22:21 +01:00
drm_sysfs.c drm: sysfs: Use scnprintf() for avoiding potential buffer overflow 2020-03-11 14:54:09 +01:00
drm_trace_points.c
drm_trace.h
drm_vblank.c drm/vblank: Add intro to documentation 2020-04-07 18:32:42 +02:00
drm_vm.c drm: drm_vm: Use fallthrough; 2020-03-18 14:48:34 +01:00
drm_vma_manager.c
drm_writeback.c
Kconfig drm: unbreak the DRM menu, broken by DRM_EXPORT_FOR_TESTS 2020-03-06 11:15:43 +00:00
Makefile drm/vram-helpers: Merge code into a single file 2020-04-09 09:56:33 +02:00