On 12/3/21 14:15, Carsten Haitzler wrote:
On 12/3/21 10:09, Liviu Dudau wrote:
If drm_universal_plane_init() fails early we jump to the common cleanup code that calls komeda_plane_destroy() which in turn could access the uninitialised drm_plane and crash. Return early if an error is detected without going through the common code.

Reported-by: Steven Price <steven.pr...@arm.com>
Signed-off-by: Liviu Dudau <liviu.du...@arm.com>
---
  drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index aa193c58f4bf6d9..517b94c3bcaf966 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -279,8 +279,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
      komeda_put_fourcc_list(formats);
-    if (err)
-        goto cleanup;
+    if (err) {
+        kfree(kplane);
+        return err;
+    }
      drm_plane_helper_add(plane, &komeda_plane_helper_funcs);
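Review bot: the new `if (err)` block frees kplane with a bare kfree() and returns, which is only correct if drm_universal_plane_init() leaves nothing behind on any of its failure paths; the commit message covers only the "fails early" case. Please confirm that holds for a later failure too, and add a short comment above the block saying why the cleanup label (and so komeda_plane_destroy()) must not be used at this point, so the special case is not folded back into `goto cleanup` later. The formats list is already released by komeda_put_fourcc_list(formats) before the check, so nothing visible in the hunk is leaked.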


Ummm... can I disagree here? This goto cleanup I think is just fine because plane has been set before drm_universal_plane_init() is called, which is before the if (err) here. komeda_plane_destroy() in cleanup: does all the right things, so this patch isn't needed. I think it's less clean as it adds a new "handle error" path special-case instance where a special case is not needed. The fix to Zhou's original patch was needed for exactly the reason Liviu said - but not this one... ?

Let me take that back - it seems an init fail shouldn't call cleanup but the init fail doesn't quite clean up properly. Steven found this and already sent a patch.
