Commit graph

21 commits

Author SHA1 Message Date
Jesper Juhl
190644e180 Fix "use after free" / "double free" bug in ati_create_gatt_pages / ati_free_gatt_pages
Hi,

Coverity spotted a "use after free" bug in
drivers/char/agp/ati-agp.c::ati_create_gatt_pages().

The same one that was in
  drivers/char/agp/amd-k7-agp.c::amd_create_gatt_pages()

The problem is this:
       If "entry = kzalloc(sizeof(struct ati_page_map), GFP_KERNEL);"
fails, then there's a loop in the function to free all entries
allocated so far and break out of the allocation loop. That in itself
is pretty sane, but then the (now freed) 'tables' is assigned to
ati_generic_private.gatt_pages and 'retval' is set to -ENOMEM which
causes ati_free_gatt_pages(); to be called at the end of the function.
The problem with this is that ati_free_gatt_pages() will then loop
'ati_generic_private.num_tables' times and try to free each entry in
tables[] - this is bad since tables has already been freed and
furthermore it will call kfree(tables) at the end - a double free.

This patch removes the freeing loop in ati_create_gatt_pages() and
instead relies entirely on the call to ati_free_gatt_pages() to free
everything we allocated in case of an error. It also sets
ati_generic_private.num_tables to the actual number of entries
allocated instead of just using the value passed in from the caller -
this ensures that ati_free_gatt_pages() will only attempt to free
stuff that was actually allocated.

Note: I'm in no way intimate with this code and I have no way to
actually test this patch (besides compile test it), so while I've
tried to be careful in reading the code and make sure the patch
does the right thing an ACK from someone who actually knows the
code in-depth would be very much appreciated.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2007-07-27 10:44:32 +10:00
Dave Jones
e5524f355a [AGPGART] Further constification.
Make agp_bridge_driver->aperture_sizes and ->masks const.
Also agp_bridge_data->driver

Signed-off-by: Dave Jones <davej@redhat.com>
2007-02-22 18:41:28 -05:00
Thomas Hellstrom
a030ce4477 [AGPGART] Allow drm-populated agp memory types
This patch allows drm to populate an agpgart structure with pages of its own.
It's needed for the new drm memory manager which dynamically flips pages in and out of AGP.

The patch modifies the generic functions as well as the intel agp driver. The intel drm driver is
currently the only one supporting the new memory manager.

Other agp drivers may need some minor fixing up once they have a corresponding memory manager enabled drm driver.

AGP memory types >= AGP_USER_TYPES are not populated by the agpgart driver, but the drm is expected
to do that, as well as taking care of cache- and tlb flushing when needed.

It's not possible to request these types from user space using agpgart ioctls.

The Intel driver also gets a new memory type for pages that can be bound cached to the intel GTT.

Signed-off-by: Thomas Hellstrom <thomas@tungstengraphics.com>
Signed-off-by: Dave Jones <davej@redhat.com>
2007-02-03 17:16:24 -05:00
Dave Jones
7707ea3b78 [AGPGART] Remove pointless assignment.
No point in clearing local pointers then returning.
Also fix up some CodingStyle nits.

Signed-off-by: Dave Jones <davej@redhat.com>
2007-01-28 17:50:17 -05:00
Dave Jones
87a17f31a3 [AGPGART] Remove pointless typedef in ati-agp
This seems to exist just to save people typing 'struct' a few times,
and doesn't provide any additional value.

Signed-off-by: Dave Jones <davej@redhat.com>
2007-01-28 17:41:37 -05:00
Dave Jones
55b4d6a521 Merge ../linus
Conflicts:

	drivers/char/agp/Kconfig
2006-06-29 16:01:54 -04:00
Andreas Mohr
d6e05edc59 spelling fixes
acquired (aquired)
contiguous (contigious)
successful (succesful, succesfull)
surprise (suprise)
whether (weather)
some other misspellings

Signed-off-by: Andreas Mohr <andi@lisas.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-06-26 18:35:02 +02:00
Dave Jones
b3818ed446 [AGPGART] Compile fix for ati-agp
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Dave Jones <davej@redhat.com>
2006-06-21 13:10:26 -04:00
Dave Jones
a4aec26223 [AGPGART] Suspend/Resume improvements for ATI AGP
Based on patches in the Ubuntu kernel.

Signed-off-by: Ben Collins <bcollins@ubuntu.com>
Signed-off-by: Dave Jones <davej@redhat.com>
2006-06-20 00:42:04 -04:00
Dave Jones
89d17b9604 [AGPGART] Whitespace cleanups for ati-agp
Signed-off-by: Dave Jones <davej@redhat.com>
2006-06-20 00:39:19 -04:00
Dave Jones
9d1ef8a64e [AGPGART] ATI RS350 support.
From: Julien Tous <julien.tous@gmail.com>
Signed-off-by: Dave Jones <davej@redhat.com>
2006-03-01 14:23:14 -05:00
Dave Jones
6a92a4e0d2 [AGPGART] Lots of CodingStyle/whitespace cleanups.
Eliminate trailing whitespace.
s/if(/if (/
s/for(/for (/

Signed-off-by: Dave Jones <davej@redhat.com>
2006-02-28 00:54:25 -05:00
akpm@osdl.org
5dda498675 [AGPGART] Suspend/Resume support for ATI GART
Add suspend/resume support for the ati-agp module

Signed-off-by: Jaco Kroon <jaco@kroon.co.za>
Acked-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Dave Jones <davej@redhat.com>
2006-01-16 20:53:45 -08:00
Greg Kroah-Hartman
249bb070f5 [PATCH] PCI: removed unneeded .owner field from struct pci_driver
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2005-11-10 16:09:17 -08:00
Linus Torvalds
7079060f3e Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart 2005-11-07 13:26:58 -08:00
Tim Schmielau
4e57b68178 [PATCH] fix missing includes
I recently picked up my older work to remove unnecessary #includes of
sched.h, starting from a patch by Dave Jones to not include sched.h
from module.h. This reduces the number of indirect includes of sched.h
by ~300. Another ~400 pointless direct includes can be removed after
this disentangling (patch to follow later).
However, quite a few indirect includes need to be fixed up for this.

In order to feed the patches through -mm with as little disturbance as
possible, I've split out the fixes I accumulated up to now (complete for
i386 and x86_64, more archs to follow later) and post them before the real
patch.  This way this large part of the patch is kept simple with only
adding #includes, and all hunks are independent of each other.  So if any
hunk rejects or gets in the way of other patches, just drop it.  My scripts
will pick it up again in the next round.

Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-30 17:37:32 -08:00
Dave Jones
ea248bcaad [AGPGART] Set .owner field of struct pci_driver.
From: Laurent Riffard <laurent.riffard@free.fr>

This updates .owner field of struct pci_driver.

This allows SYSFS to create the symlink from the driver to the module which
provides it.

$ tree /sys/bus/pci/drivers/agpgart-via/
/sys/bus/pci/drivers/agpgart-via/
|-- 0000:00:00.0 -> ../../../../devices/pci0000:00/0000:00:00.0
|-- bind
|-- module -> ../../../../module/via_agp
|-- new_id
`-- unbind

Signed-off-by: Laurent Riffard <laurent.riffard@free.fr>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
2005-10-24 20:20:11 -07:00
Dave Jones
0ea27d9f2f [AGPGART] Replace kmalloc+memset's with kzalloc's
Signed-off-by: Dave Jones <davej@redhat.com>
2005-10-20 15:12:16 -07:00
Keir Fraser
07eee78ea8 [PATCH] AGP fix for Xen VMM
When Linux is running on the Xen virtual machine monitor, physical
addresses are virtualised and cannot be directly referenced by the AGP
GART.  This patch fixes the GART driver for Xen by adding a layer of
abstraction between physical addresses and 'GART addresses'.

Architecture-specific functions are also defined for allocating and freeing
the GATT.  Xen requires this to ensure that table really is contiguous from
the point of view of the GART.

These extra interface functions are defined as 'no-ops' for all existing
architectures that use the GART driver.

Signed-off-by: Keir Fraser <keir@xensource.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Dave Jones <davej@redhat.com>
2005-06-07 12:35:43 -07:00
Adrian Bunk
408b664a7d [PATCH] make lots of things static
Another large rollup of various patches from Adrian which make things static
where they were needlessly exported.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:29 -07:00
Linus Torvalds
1da177e4c3 Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!
2005-04-16 15:20:36 -07:00