On 10/17/2017 01:58 PM, Felix Kuehling wrote:
On 2017-10-17 01:25 PM, Tom St Denis wrote:
On 17/10/17 01:23 PM, Tom St Denis wrote:
On 17/10/17 01:18 PM, Christian König wrote:
On 17.10.2017 at 16:10, Tom St Denis wrote:
In this block of code:

void amdgpu_dm_connector_funcs_reset(struct drm_connector *connector)
{
     struct dm_connector_state *state =
         to_dm_connector_state(connector->state);

     kfree(state);

     state = kzalloc(sizeof(*state), GFP_KERNEL);


The value of state is never compared with NULL and, more so, the value
of connector->state is never written to if NULL. Wouldn't this mean
the pointer points to freed memory?
Sorry I think I might be explaining this poorly.

In the case the alloc succeeds the pointer is updated and everything
is fine.

IF the alloc fails the pointer (connector->state) is not updated and
the value points to freed memory.
I'm wondering why the function frees, and then reallocates the memory.
Does its size change? If not, why not just memset it to 0?

I don't have an answer for why not just memset; this hook is an older relic and not implemented properly. dm_drm_plane_reset is a more recent example of how it should be implemented (calling the atomic_destroy_state hook inside), and I think we do kfree there just because DRM's helpers
(e.g. drm_atomic_helper_plane_destroy_state) do the same.

Thanks,
Andrey


Regards,
   Felix

Tom
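The two orderings discussed in this thread side by side, as an added userspace example (not code from the amdgpu driver or from anyone on the list): the free-then-allocate reset that leaves connector->state pointing at freed memory when the allocation fails, and an allocate-then-free variant that keeps the old state valid on failure. The DRM types, to_dm_connector_state and fake_kzalloc with its failure switch are simplified stand-ins assumed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
/* Userspace stand-ins for the kernel types and allocator in the quoted snippet. */
struct drm_connector_state { int dummy; };
struct drm_connector { struct drm_connector_state *state; };
struct dm_connector_state { struct drm_connector_state base; int scaling; };
#define to_dm_connector_state(s) ((struct dm_connector_state *)(s)) /* base is first member */
static bool fail_next_alloc;   /* hypothetical switch to force the kzalloc == NULL path */
static void *fake_kzalloc(size_t n) {
    if (fail_next_alloc) { fail_next_alloc = false; return NULL; }
    return calloc(1, n);       /* zeroed, like kzalloc */
}
/* Ordering from the thread: free, then allocate. If the allocation fails nothing
 * updates connector->state, so it keeps the address of the block just freed. */
static void reset_free_then_alloc(struct drm_connector *connector) {
    struct dm_connector_state *state = to_dm_connector_state(connector->state);
    free(state);
    state = fake_kzalloc(sizeof(*state));
    if (state) connector->state = &state->base;
}
/* Safer ordering: allocate the replacement first and release the old state only
 * on success, so a failed reset leaves a valid (stale) state and returns an error. */
static int reset_alloc_then_free(struct drm_connector *connector) {
    struct dm_connector_state *fresh = fake_kzalloc(sizeof(*fresh));
    if (!fresh) return -1;     /* -ENOMEM in the kernel; nothing has been freed */
    free(to_dm_connector_state(connector->state));
    connector->state = &fresh->base;
    return 0;
}
/* True when free-then-alloc leaves connector->state equal to the freed address. */
bool free_then_alloc_dangles_on_failure(void) {
    struct dm_connector_state *old = calloc(1, sizeof(*old));
    struct drm_connector conn = { .state = &old->base };
    uintptr_t freed_addr = (uintptr_t)old;  /* recorded before the free, never dereferenced */
    fail_next_alloc = true;
    reset_free_then_alloc(&conn);
    return (uintptr_t)conn.state == freed_addr;
}
/* True when alloc-then-free reports failure and leaves the old state untouched. */
bool alloc_then_free_keeps_old_on_failure(void) {
    struct dm_connector_state *old = calloc(1, sizeof(*old));
    old->scaling = 7;
    struct drm_connector conn = { .state = &old->base };
    fail_next_alloc = true;
    bool ok = reset_alloc_then_free(&conn) == -1 && conn.state == &old->base && old->scaling == 7;
    free(old);
    return ok;
}
```

The dangling case is detected by comparing addresses recorded before the free, so the example never reads freed memory itself; under KASAN the real driver would only trip when the stale connector->state is next dereferenced.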
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx