• Johannes Weiner's avatar
    fbcon: don't use vc_resize() on initialization · 0035fe00
    Johannes Weiner authored
    Catalin and kmemleak spotted a leak of a VC screen buffer in
    vc_allocate() due to the following chain of events:
    
    	vc_allocate()
    	  visual_init(init=1)
    	    vc->vc_sw->con_init(init=1)
                  fbcon_init()
    	        vc_resize()
    	          vc->screen_buf = kmalloc()
    	  vc->screen_buf = kmalloc()
    
    The common way for the VC drivers is to set the screen dimension
    parameters manually in the init case and only call vc_resize() for
    !init - which allocates a screen buffer according to the new
    dimensions.
    
    fbcon instead would do vc_resize() unconditionally and afterwards set
    the dimensions manually (again) for !init - i.e. completely upside
    down.  The vc_resize() allocated buffer would then get lost by
    vc_allocate() allocating a fresh one.
    
    Use vc_resize() only for actual resizing to close the leak.
    
    Set the dimensions manually only in initialization mode to remove the
    redundant setting in resize mode.
    
    The kmemleak trace from Catalin:
    
    unreferenced object 0xde158000 (size 12288):
      comm "Xorg", pid 1439, jiffies 4294961016
      hex dump (first 32 bytes):
        20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
        20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
      backtrace:
        [<c006f74b>] __save_stack_trace+0x17/0x1c
        [<c006f81d>] create_object+0xcd/0x188
        [<c01f5457>] kmemleak_alloc+0x1b/0x3c
        [<c006e303>] __kmalloc+0xdb/0xe8
        [<c012cc4b>] vc_do_resize+0x73/0x1e0
        [<c012cdf1>] vc_resize+0x15/0x18
        [<c011afc1>] fbcon_init+0x1f9/0x2b8
        [<c0129e87>] visual_init+0x9f/0xdc
        [<c012aff3>] vc_allocate+0x7f/0xfc
        [<c012b087>] con_open+0x17/0x80
        [<c0120e43>] tty_open+0x1f7/0x2e4
        [<c0072fa1>] chrdev_open+0x101/0x118
        [<c006ffad>] __dentry_open+0x105/0x1cc
        [<c00700fd>] nameidata_to_filp+0x2d/0x38
        [<c00788cd>] do_filp_open+0x2c1/0x54c
        [<c006fdff>] do_sys_open+0x3b/0xb4
    Reported-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
    Tested-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    Cc: Pekka Enberg <penberg@cs.helsinki.fi>
    Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
    Tested-by: default avatarDave Young <hidave.darkstar@gmail.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    0035fe00
fbcon.c 85 KB