From: Ville Syrjälä ville.syrjala@linux.intel.com
drmModeGetConnectorCurrent() must provide temporary storage for the kernel to fill in at least one mode (asking for !=0 modes is how you prevent the heavyweight probe in the kernel). Currently we malloc that temp storage but we fail to free it before overwriting the pointer with the address of the actual storage we use to store the real mode list we get from the kernel in the second ioctl call.
Let's just keep the temporary storage on the stack and thus we avoid the leak and also eliminate some pointless mallocs.
Cc: Chris Wilson chris@chris-wilson.co.uk Fixes: 5ed5fa10600f ("mode: Retrieve only the current information for a Connector") Signed-off-by: Ville Syrjälä ville.syrjala@linux.intel.com --- xf86drmMode.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/xf86drmMode.c b/xf86drmMode.c
index ab6b5195e8d3..7710061865ee 100644
--- a/xf86drmMode.c
+++ b/xf86drmMode.c
@@ -475,12 +475,13 @@ _drmModeGetConnector(int fd, uint32_t connector_id, int probe)
{
struct drm_mode_get_connector conn, counts;
drmModeConnectorPtr r = NULL;
+ struct drm_mode_modeinfo stack_mode;
memclear(conn);
conn.connector_id = connector_id;
if (!probe) {
conn.count_modes = 1;
- conn.modes_ptr = VOID2U64(drmMalloc(sizeof(struct drm_mode_modeinfo)));
+ conn.modes_ptr = VOID2U64(&stack_mode);
}
if (drmIoctl(fd, DRM_IOCTL_MODE_GETCONNECTOR, &conn))
@@ -504,7 +505,7 @@ retry:
goto err_allocs;
} else {
conn.count_modes = 1;
- conn.modes_ptr = VOID2U64(drmMalloc(sizeof(struct drm_mode_modeinfo)));
+ conn.modes_ptr = VOID2U64(&stack_mode);
}
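Review bot: `stack_mode` in the first hunk is declared with no comment and no initialiser, yet from this point `conn.modes_ptr` may hold either a heap block or the address of this local, which is the invariant the later `!= &stack_mode` guards rely on. A comment on the declaration such as `/* one-mode scratch buffer: count_modes != 0 avoids the heavyweight kernel probe; must never reach drmFree() */` would record that, and it applies equally to the `else` branch assignment in the second hunk. Adding `memclear(stack_mode);` next to `memclear(conn);` would also ensure no uninitialised stack bytes can be copied into the result if some later path reads the buffer when the kernel wrote nothing; whether such a path exists cannot be confirmed here because the function body continues outside the hunks.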
if (conn.count_encoders) {
@@ -525,7 +526,8 @@ retry:
counts.count_encoders < conn.count_encoders) {
drmFree(U642VOID(conn.props_ptr));
drmFree(U642VOID(conn.prop_values_ptr));
- drmFree(U642VOID(conn.modes_ptr));
+ if (U642VOID(conn.modes_ptr) != &stack_mode)
+ drmFree(U642VOID(conn.modes_ptr));
drmFree(U642VOID(conn.encoders_ptr));
goto retry;
@@ -567,7 +569,8 @@ retry:
err_allocs:
drmFree(U642VOID(conn.prop_values_ptr));
drmFree(U642VOID(conn.props_ptr));
- drmFree(U642VOID(conn.modes_ptr));
+ if (U642VOID(conn.modes_ptr) != &stack_mode)
+ drmFree(U642VOID(conn.modes_ptr));
drmFree(U642VOID(conn.encoders_ptr));
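Review bot: After the frees in the `-525` hunk, `conn.props_ptr`, `conn.prop_values_ptr`, `conn.modes_ptr` and `conn.encoders_ptr` still hold the freed addresses when control reaches `goto retry`, and the `err_allocs` path in the `-567` hunk frees the same four fields again. If an allocation after `retry:` can fail before all four fields have been reassigned, that error path would free a stale pointer a second time; the allocation code lies outside these hunks, so this needs confirming against the full function. Resetting each field once it is released, e.g. `conn.modes_ptr = 0;` after the guarded `drmFree`, would make both cleanup paths safe regardless, assuming `drmFree` accepts a null pointer as its unguarded use in `err_allocs` suggests.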
return r;
On Tue, Dec 15, 2015 at 03:59:28PM +0200, ville.syrjala@linux.intel.com wrote:
From: Ville Syrjälä ville.syrjala@linux.intel.com
drmModeGetConnectorCurrent() must provide temporary storage for the kernel to fill in at least one mode (asking for !=0 modes is how you prevent the heavyweight probe in the kernel). Currently we malloc that temp storage but we fail to free it before overwriting the pointer with the address of the actual storage we use to store the real mode list we get from the kernel in the second ioctl call.
Let's just keep the temporary storage on the stack and thus we avoid the leak and also eliminate some pointless mallocs.
Cc: Chris Wilson chris@chris-wilson.co.uk Fixes: 5ed5fa10600f ("mode: Retrieve only the current information for a Connector") Signed-off-by: Ville Syrjälä ville.syrjala@linux.intel.com
xf86drmMode.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/xf86drmMode.c b/xf86drmMode.c index ab6b5195e8d3..7710061865ee 100644 --- a/xf86drmMode.c +++ b/xf86drmMode.c @@ -475,12 +475,13 @@ _drmModeGetConnector(int fd, uint32_t connector_id, int probe) { struct drm_mode_get_connector conn, counts; drmModeConnectorPtr r = NULL;
struct drm_mode_modeinfo stack_mode;
memclear(conn); conn.connector_id = connector_id; if (!probe) { conn.count_modes = 1;
conn.modes_ptr = VOID2U64(drmMalloc(sizeof(struct drm_mode_modeinfo)));
}conn.modes_ptr = VOID2U64(&stack_mode);
If you just made this change, we wouldn't need the hunks below (and I wouldn't have to look at so much shouting).
Either way, Reviewed-by: Chris Wilson chris@chris-wilson.co.uk -Chris
On Tue, Dec 15, 2015 at 02:05:45PM +0000, Chris Wilson wrote:
On Tue, Dec 15, 2015 at 03:59:28PM +0200, ville.syrjala@linux.intel.com wrote:
From: Ville Syrjälä ville.syrjala@linux.intel.com
drmModeGetConnectorCurrent() must provide temporary storage for the kernel to fill in at least one mode (asking for !=0 modes is how you prevent the heavyweight probe in the kernel). Currently we malloc that temp storage but we fail to free it before overwriting the pointer with the address of the actual storage we use to store the real mode list we get from the kernel in the second ioctl call.
Let's just keep the temporary storage on the stack and thus we avoid the leak and also eliminate some pointless mallocs.
Cc: Chris Wilson chris@chris-wilson.co.uk Fixes: 5ed5fa10600f ("mode: Retrieve only the current information for a Connector") Signed-off-by: Ville Syrjälä ville.syrjala@linux.intel.com
xf86drmMode.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/xf86drmMode.c b/xf86drmMode.c index ab6b5195e8d3..7710061865ee 100644 --- a/xf86drmMode.c +++ b/xf86drmMode.c @@ -475,12 +475,13 @@ _drmModeGetConnector(int fd, uint32_t connector_id, int probe) { struct drm_mode_get_connector conn, counts; drmModeConnectorPtr r = NULL;
struct drm_mode_modeinfo stack_mode;
memclear(conn); conn.connector_id = connector_id; if (!probe) { conn.count_modes = 1;
conn.modes_ptr = VOID2U64(drmMalloc(sizeof(struct drm_mode_modeinfo)));
}conn.modes_ptr = VOID2U64(&stack_mode);
If you just made this change, we wouldn't need the hunks below (and I wouldn't have to look at so much shouting).
That was my initial plan, but then I figured we could also skip the other malloc for disconnected connectors.
Either way, Reviewed-by: Chris Wilson chris@chris-wilson.co.uk -Chris
-- Chris Wilson, Intel Open Source Technology Centre
On Tue, Dec 15, 2015 at 02:05:45PM +0000, Chris Wilson wrote:
On Tue, Dec 15, 2015 at 03:59:28PM +0200, ville.syrjala@linux.intel.com wrote:
From: Ville Syrjälä ville.syrjala@linux.intel.com
drmModeGetConnectorCurrent() must provide temporary storage for the kernel to fill in at least one mode (asking for !=0 modes is how you prevent the heavyweight probe in the kernel). Currently we malloc that temp storage but we fail to free it before overwriting the pointer with the address of the actual storage we use to store the real mode list we get from the kernel in the second ioctl call.
Let's just keep the temporary storage on the stack and thus we avoid the leak and also eliminate some pointless mallocs.
Cc: Chris Wilson chris@chris-wilson.co.uk Fixes: 5ed5fa10600f ("mode: Retrieve only the current information for a Connector") Signed-off-by: Ville Syrjälä ville.syrjala@linux.intel.com
xf86drmMode.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/xf86drmMode.c b/xf86drmMode.c index ab6b5195e8d3..7710061865ee 100644 --- a/xf86drmMode.c +++ b/xf86drmMode.c @@ -475,12 +475,13 @@ _drmModeGetConnector(int fd, uint32_t connector_id, int probe) { struct drm_mode_get_connector conn, counts; drmModeConnectorPtr r = NULL;
struct drm_mode_modeinfo stack_mode;
memclear(conn); conn.connector_id = connector_id; if (!probe) { conn.count_modes = 1;
conn.modes_ptr = VOID2U64(drmMalloc(sizeof(struct drm_mode_modeinfo)));
}conn.modes_ptr = VOID2U64(&stack_mode);
If you just made this change, we wouldn't need the hunks below (and I wouldn't have to look at so much shouting).
Either way, Reviewed-by: Chris Wilson chris@chris-wilson.co.uk
Pushed to master. Thanks for the review.