git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/4.19.34/drm-fb-helper-fix-leaks-in-error-path-of-drm_fb_help.patch
Linux 4.19.34
1 From f850299bc8b21cd71287b1eed79c7aae16812a9c Mon Sep 17 00:00:00 2001
2 From: Peter Wu <peter@lekensteyn.nl>
3 Date: Sun, 23 Dec 2018 01:55:07 +0100
4 Subject: drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 [ Upstream commit 00eb5b0da8d27b3c944bfc959c3344d665caae26 ]
10
11 After drm_fb_helper_fbdev_setup calls drm_fb_helper_init,
12 "dev->fb_helper" will be initialized (and thus drm_fb_helper_fini will
13 have some effect). After that, drm_fb_helper_initial_config is called
14 which may call the "fb_probe" driver callback.
15
16 This driver callback may call drm_fb_helper_defio_init (as is done by
17 drm_fb_helper_generic_probe) or set a framebuffer (as is done by bochs)
18 as documented. These are normally cleaned up on exit by
19 drm_fb_helper_fbdev_teardown which also calls drm_fb_helper_fini.
20
21 If an error occurs after "fb_probe", but before setup is complete, then
22 calling just drm_fb_helper_fini will leak resources. This was triggered
23 by df2052cc922 ("bochs: convert to drm_fb_helper_fbdev_setup/teardown"):
24
25 [ 50.008030] bochsdrmfb: enable CONFIG_FB_LITTLE_ENDIAN to support this framebuffer
26 [ 50.009436] bochs-drm 0000:00:02.0: [drm:drm_fb_helper_fbdev_setup] *ERROR* fbdev: Failed to set configuration (ret=-38)
27 [ 50.011456] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 2
28 [ 50.013604] WARNING: CPU: 1 PID: 1 at drivers/gpu/drm/drm_mode_config.c:477 drm_mode_config_cleanup+0x280/0x2a0
29 [ 50.016175] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G T 4.20.0-rc7 #1
30 [ 50.017732] EIP: drm_mode_config_cleanup+0x280/0x2a0
31 ...
32 [ 50.023155] Call Trace:
33 [ 50.023155] ? bochs_kms_fini+0x1e/0x30
34 [ 50.023155] ? bochs_unload+0x18/0x40
35
36 This can be reproduced with QEMU and CONFIG_FB_LITTLE_ENDIAN=n.
37
38 Link: https://lkml.kernel.org/r/20181221083226.GI23332@shao2-debian
39 Link: https://lkml.kernel.org/r/20181223004315.GA11455@al
40 Fixes: 8741216396b2 ("drm/fb-helper: Add drm_fb_helper_fbdev_setup/teardown()")
41 Reported-by: kernel test robot <rong.a.chen@intel.com>
42 Cc: Noralf Trønnes <noralf@tronnes.org>
43 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
44 Reviewed-by: Noralf Trønnes <noralf@tronnes.org>
45 Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
46 Link: https://patchwork.freedesktop.org/patch/msgid/20181223005507.28328-1-peter@lekensteyn.nl
47 Signed-off-by: Sasha Levin <sashal@kernel.org>
48 ---
49 drivers/gpu/drm/drm_fb_helper.c | 2 +-
50 1 file changed, 1 insertion(+), 1 deletion(-)
51
52 diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
53 index e65596617239..a0663f44e218 100644
54 --- a/drivers/gpu/drm/drm_fb_helper.c
55 +++ b/drivers/gpu/drm/drm_fb_helper.c
56 @@ -2877,7 +2877,7 @@ int drm_fb_helper_fbdev_setup(struct drm_device *dev,
57 return 0;
58
59 err_drm_fb_helper_fini:
60 - drm_fb_helper_fini(fb_helper);
61 + drm_fb_helper_fbdev_teardown(dev);
62
63 return ret;
64 }
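Review bot: the replacement call under err_drm_fb_helper_fini takes dev instead of fb_helper, so it relies on drm_fb_helper_init having already populated dev->fb_helper, as the commit message describes. The goto sites that reach this label are outside the hunk, so please confirm that each of them runs only after drm_fb_helper_init has succeeded. A one-line comment above the call would help, saying that full teardown is required because the fb_probe callback may already have set up deferred I/O or a framebuffer. The label name still says "fini" although the path now calls drm_fb_helper_fbdev_teardown; renaming it to match would keep the error path readable, unless the name is kept on purpose to keep the stable backport to a single line.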
65 --
66 2.19.1
67