1
linux/drivers
Johannes Weiner 0035fe00f7 fbcon: don't use vc_resize() on initialization
Catalin and kmemleak spotted a leak of a VC screen buffer in
vc_allocate() due to the following chain of events:

	vc_allocate()
	  visual_init(init=1)
	    vc->vc_sw->con_init(init=1)
              fbcon_init()
	        vc_resize()
	          vc->screen_buf = kmalloc()
	  vc->screen_buf = kmalloc()

The common way for the VC drivers is to set the screen dimension
parameters manually in the init case and only call vc_resize() for
!init - which allocates a screen buffer according to the new
dimensions.

fbcon instead would do vc_resize() unconditionally and afterwards set
the dimensions manually (again) for !init - i.e. completely upside
down.  The vc_resize() allocated buffer would then get lost by
vc_allocate() allocating a fresh one.

Use vc_resize() only for actual resizing to close the leak.

Set the dimensions manually only in initialization mode to remove the
redundant setting in resize mode.

The kmemleak trace from Catalin:

unreferenced object 0xde158000 (size 12288):
  comm "Xorg", pid 1439, jiffies 4294961016
  hex dump (first 32 bytes):
    20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
    20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
  backtrace:
    [<c006f74b>] __save_stack_trace+0x17/0x1c
    [<c006f81d>] create_object+0xcd/0x188
    [<c01f5457>] kmemleak_alloc+0x1b/0x3c
    [<c006e303>] __kmalloc+0xdb/0xe8
    [<c012cc4b>] vc_do_resize+0x73/0x1e0
    [<c012cdf1>] vc_resize+0x15/0x18
    [<c011afc1>] fbcon_init+0x1f9/0x2b8
    [<c0129e87>] visual_init+0x9f/0xdc
    [<c012aff3>] vc_allocate+0x7f/0xfc
    [<c012b087>] con_open+0x17/0x80
    [<c0120e43>] tty_open+0x1f7/0x2e4
    [<c0072fa1>] chrdev_open+0x101/0x118
    [<c006ffad>] __dentry_open+0x105/0x1cc
    [<c00700fd>] nameidata_to_filp+0x2d/0x38
    [<c00788cd>] do_filp_open+0x2c1/0x54c
    [<c006fdff>] do_sys_open+0x3b/0xb4

Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Tested-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Tested-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-08-07 10:39:56 -07:00
..
accessibility
acpi Merge branch 'misc-2.6.31' into release 2009-08-02 12:55:51 -04:00
amba [ARM] amba: fix amba device resources 2009-07-05 22:39:08 +01:00
ata libata: accept late unlocking of HPA 2009-07-28 21:07:09 -04:00
atm
auxdisplay
base driver core: sysdev: do not send KOBJ_ADD uevent if kobject_init_and_add fails 2009-07-28 13:45:22 -07:00
block mg_disk: Add missing ready status check on mg_write() 2009-07-28 08:57:33 +02:00
bluetooth headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
cdrom
char Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2009-08-04 15:39:43 -07:00
clocksource
connector connector: maintainer/mail update. 2009-07-21 12:43:51 -07:00
cpufreq [CPUFREQ] Make cpufreq suspend code conditional on powerpc. 2009-08-04 14:32:11 -04:00
cpuidle
crypto
dca
dio
dma Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2009-07-30 16:46:31 -07:00
edac amd64_edac: print debug statements only on error 2009-08-04 12:10:06 +02:00
eisa
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2009-07-06 14:03:44 -07:00
firmware
gpio headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
gpu drm/radeon: Add support for RS880 chips 2009-08-05 12:07:09 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2009-07-22 09:30:07 -07:00
hwmon hwmon: (asus_atk0110) Fix upper limit readings 2009-07-28 16:31:39 +02:00
i2c i2c-omap: OMAP3430 Silicon Errata 1.153 2009-07-30 01:03:24 +01:00
ide ide-tape: Don't leak kernel stack information 2009-07-21 20:36:25 -07:00
idle
ieee1394 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2009-07-06 14:03:44 -07:00
ieee802154
infiniband
input parisc: hp_sdc_mlc.c - check return value of down_trylock() 2009-08-02 15:13:29 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
leds Update Yoichi Yuasa's e-mail address 2009-07-03 15:45:29 +01:00
lguest lguest and virtio: cleanup struct definitions to Linux style. 2009-07-30 16:03:46 +09:30
macintosh
mca
md md: Use revalidate_disk to effect changes in size of device. 2009-08-03 10:59:58 +10:00
media V4L/DVB (12303): cx23885: check pointers before dereferencing in dprintk macro 2009-07-24 14:03:32 -03:00
memstick
message
mfd mfd: twl4030 irq fixes 2009-08-04 20:31:32 +02:00
misc cb710: use SG_MITER_TO_SG/SG_MITER_FROM_SG 2009-07-31 12:28:46 +02:00
mmc imxmmc: Remove unnecessary semicolons 2009-07-31 12:28:46 +02:00
mtd UBI: fix bug in image sequence number handling 2009-07-15 11:30:59 +03:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
nubus
of of/mdio: Add support function for Ethernet fixed-link property 2009-07-22 09:27:18 -07:00
oprofile oprofile: reset bt_lost_no_mapping with other stats 2009-07-10 12:35:36 +02:00
parisc parisc: hppb.c - fix printk format strings 2009-08-02 15:42:39 +02:00
parport parport/serial: add support for NetMos 9901 Multi-IO card 2009-06-30 18:55:59 -07:00
pci Make pci_claim_resource() use request_resource() rather than insert_resource() 2009-08-02 14:10:18 -07:00
pcmcia Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
platform Merge branch 'bugzilla-13825' into release 2009-08-02 12:36:01 -04:00
pnp
power Merge git://git.infradead.org/users/cbou/battery-2.6.31 2009-07-30 16:45:53 -07:00
pps
ps3
rapidio
regulator
rtc rtc: mark if rtc-cmos drivers were successfully registered 2009-07-29 19:10:35 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2009-08-04 15:38:10 -07:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
serial Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-07-30 16:45:20 -07:00
sh
sn
spi spi: omap2_mcspi rxdma bugfix 2009-07-29 19:10:35 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-09 20:33:18 -07:00
staging staging: udlfb: Add vmalloc.h include 2009-07-28 14:07:11 -07:00
tc
telephony headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
thermal
uio
usb USB: xhci: Stall handling bug fixes. 2009-07-28 14:31:13 -07:00
uwb
video fbcon: don't use vc_resize() on initialization 2009-08-07 10:39:56 -07:00
virtio virtio: refactor find_vqs 2009-07-30 16:03:45 +09:30
vlynq vlynq: fix typo in Kconfig to enable debugging 2009-07-06 13:57:03 -07:00
w1 drivers/w1/masters/omap_hdq.c: fix missing mutex unlock 2009-08-07 10:39:55 -07:00
watchdog [WATCHDOG] Fix COH 901 327 watchdog enablement 2009-08-02 19:56:30 +00:00
xen xen: Use kcalloc() in xen_init_IRQ() 2009-07-01 11:19:47 +02:00
zorro
Kconfig
Makefile