linux/drivers/video
Johannes Weiner 0035fe00f7 fbcon: don't use vc_resize() on initialization
Catalin and kmemleak spotted a leak of a VC screen buffer in
vc_allocate() due to the following chain of events:

	vc_allocate()
	  visual_init(init=1)
	    vc->vc_sw->con_init(init=1)
              fbcon_init()
	        vc_resize()
	          vc->screen_buf = kmalloc()
	  vc->screen_buf = kmalloc()

The common way for the VC drivers is to set the screen dimension
parameters manually in the init case and only call vc_resize() for
!init - which allocates a screen buffer according to the new
dimensions.

fbcon instead would do vc_resize() unconditionally and afterwards set
the dimensions manually (again) for !init - i.e. completely upside
down.  The vc_resize() allocated buffer would then get lost by
vc_allocate() allocating a fresh one.

Use vc_resize() only for actual resizing to close the leak.

Set the dimensions manually only in initialization mode to remove the
redundant setting in resize mode.

The kmemleak trace from Catalin:

unreferenced object 0xde158000 (size 12288):
  comm "Xorg", pid 1439, jiffies 4294961016
  hex dump (first 32 bytes):
    20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
    20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
  backtrace:
    [<c006f74b>] __save_stack_trace+0x17/0x1c
    [<c006f81d>] create_object+0xcd/0x188
    [<c01f5457>] kmemleak_alloc+0x1b/0x3c
    [<c006e303>] __kmalloc+0xdb/0xe8
    [<c012cc4b>] vc_do_resize+0x73/0x1e0
    [<c012cdf1>] vc_resize+0x15/0x18
    [<c011afc1>] fbcon_init+0x1f9/0x2b8
    [<c0129e87>] visual_init+0x9f/0xdc
    [<c012aff3>] vc_allocate+0x7f/0xfc
    [<c012b087>] con_open+0x17/0x80
    [<c0120e43>] tty_open+0x1f7/0x2e4
    [<c0072fa1>] chrdev_open+0x101/0x118
    [<c006ffad>] __dentry_open+0x105/0x1cc
    [<c00700fd>] nameidata_to_filp+0x2d/0x38
    [<c00788cd>] do_filp_open+0x2c1/0x54c
    [<c006fdff>] do_sys_open+0x3b/0xb4

Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Tested-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Tested-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-08-07 10:39:56 -07:00
..
aty atyfb: fix alignment for block writes 2009-06-30 18:56:01 -07:00
backlight drivers/video/backlight/jornada720_bl.c: fix build 2009-07-29 19:10:35 -07:00
console fbcon: don't use vc_resize() on initialization 2009-08-07 10:39:56 -07:00
display device create: video: convert device_create_drvdata to device_create 2008-10-16 09:24:45 -07:00
geode gx1fb: properly alloc cmap and plug cmap leak 2009-02-11 14:25:34 -08:00
i810 i810fb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-08 09:19:49 -07:00
intelfb intelfb: fix a bug when changing video timing 2009-06-16 19:48:00 -07:00
kyro
logo fbdev: move logo externs to header file 2009-06-16 19:47:57 -07:00
matrox Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
mb862xx mb862xxfb: use CONFIG_OF instead of CONFIG_PPC_OF 2009-06-16 19:47:59 -07:00
mbx
nvidia nvidiafb: fix boot-time printk string 2009-06-23 12:50:05 -07:00
omap omap: video: remove direct access of driver_data 2009-07-12 13:02:10 -07:00
pnx4008 [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
riva
savage i2c: Delete many unused adapter IDs 2009-01-26 21:19:52 +01:00
sis sisfb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-06 13:44:37 -07:00
vermilion removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
via viafb: fix rmmod bug 2009-08-07 10:39:56 -07:00
68328fb.c 68328fb: fix cmap memory leaks 2009-04-01 08:59:31 -07:00
acornfb.c acornfb: remove fb_mmap function 2009-06-16 19:47:59 -07:00
acornfb.h
amba-clcd.c Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
amifb.c amifb: check fb_alloc_cmap return value and handle failure properly 2009-04-01 08:59:31 -07:00
arcfb.c
arkfb.c arkfb: fix misplaced parentheses 2009-04-01 08:59:32 -07:00
asiliantfb.c asiliantfb: add missing return statement 2009-04-21 13:41:47 -07:00
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atafb.c atafb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-08 09:19:49 -07:00
atafb.h
atmel_lcdfb.c atmel_lcdfb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-08 14:18:35 -07:00
au1100fb.c platform driver: fix incorrect use of 'platform_bus_type' with 'struct device_driver' 2009-03-24 16:38:25 -07:00
au1100fb.h
au1200fb.c platform driver: fix incorrect use of 'platform_bus_type' with 'struct device_driver' 2009-03-24 16:38:25 -07:00
au1200fb.h
bf54x-lq043fb.c fbdev: bf54x-lq043fb: use kzalloc over kmalloc/memset 2009-06-16 19:48:03 -07:00
bfin-t350mcqb-fb.c fbdev: *bfin*: fix __dev{init,exit} markings 2009-06-16 19:48:03 -07:00
broadsheetfb.c [ARM] 5353/1: fbdev: add E-Ink Broadsheet controller support v3 2009-02-10 11:27:59 +00:00
bt431.h
bt455.h
bw2.c bw2: use standard fields for framebuffer physical address and length 2009-06-16 04:56:30 -07:00
c2p_core.h fbdev: c2p/atafb - Add support for Atari interleaved bitplanes 2009-01-12 20:56:31 +01:00
c2p_iplan2.c fbdev: c2p/atafb - Add support for Atari interleaved bitplanes 2009-01-12 20:56:31 +01:00
c2p_planar.c fbdev: c2p - Rename c2p to c2p_planar 2009-01-12 20:56:32 +01:00
c2p.h fbdev: c2p - Rename c2p to c2p_planar 2009-01-12 20:56:32 +01:00
carminefb_regs.h fbdev: add the carmine FB driver 2008-07-24 10:47:34 -07:00
carminefb.c carminefb: fix possible access beyond end of carmine_modedb[] 2009-06-16 19:47:59 -07:00
carminefb.h fbdev: add the carmine FB driver 2008-07-24 10:47:34 -07:00
cfbcopyarea.c
cfbfillrect.c fbdev: fix fillrect for 24bpp modes 2009-05-06 16:36:10 -07:00
cfbimgblt.c
cg3.c cg3: use standard fields for framebuffer physical address and length 2009-06-16 04:56:34 -07:00
cg6.c cg6: use standard fields for framebuffer physical address and length 2009-06-16 04:56:35 -07:00
cg14.c cg14: use standard fields for framebuffer physical address and length 2009-06-16 04:56:31 -07:00
chipsfb.c chipsfb: remove redundant assignment 2009-06-16 19:47:58 -07:00
cirrusfb.c cirrusfb: do not allow unsupported pixel depth 2009-04-13 15:04:30 -07:00
clps711xfb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
cobalt_lcdfb.c Update Yoichi Yuasa's e-mail address 2009-07-03 15:45:29 +01:00
controlfb.c powerpc/mm: Rework usage of _PAGE_COHERENT/NO_CACHE/GUARDED 2008-12-21 14:21:16 +11:00
controlfb.h
cyber2000fb.c cyber2000fb.c: use proper method for stopping unload if CONFIG_ARCH_SHARK 2009-06-12 21:46:53 +09:30
cyber2000fb.h
dnfb.c m68k: dnfb doesnt check for Apollo 2008-05-18 13:28:49 -07:00
edid.h
efifb.c fbdev: add support for handoff from firmware to hw framebuffers 2009-06-16 19:48:00 -07:00
epson1355fb.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
fb_ddc.c i2c: Let framebuffer drivers set their I2C bus class to DDC 2008-07-14 22:38:28 +02:00
fb_defio.c mm: page_mkwrite change prototype to match fault 2009-04-01 08:59:14 -07:00
fb_draw.h fbdev: fix fillrect for 24bpp modes 2009-05-06 16:36:10 -07:00
fb_notify.c
fb_sys_fops.c
fbcmap.c fbmem: don't call copy_from/to_user() with mutex held 2009-02-05 12:56:46 -08:00
fbcvt.c
fbmem.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
fbmon.c fbmon: work around compiler bug in gcc-2.4.2 2009-07-22 08:49:22 -07:00
fbsysfs.c Revert "fb: Initialize fb_info mutexes in framebuffer_alloc()" 2009-07-08 09:20:11 -07:00
ffb.c sparc: Annotate of_device_id arrays with const or __initdata. 2008-08-31 01:23:17 -07:00
fm2fb.c
fsl-diu-fb.c fsl-diu-fb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-08 14:18:35 -07:00
fsl-diu-fb.h
g364fb.c
gbefb.c MIPS: gbe: Make needlessly global symbols static in drivers/video/gbefb.c 2009-05-14 13:50:25 +01:00
gxt4500.c pci: use pci_ioremap_bar() in drivers/video 2009-01-06 15:59:26 -08:00
hecubafb.c
hgafb.c hgafb: convert to new platform driver API 2008-07-24 10:47:39 -07:00
hitfb.c video: hitfb: Move over to dev_pm_ops. 2009-07-07 11:50:57 +09:00
hpfb.c m68k: Return -ENODEV if no device is found 2008-05-18 13:28:50 -07:00
igafb.c igafb: use framebuffer_alloc() to allocate fb_info struct 2009-06-16 19:47:58 -07:00
imsttfb.c
imxfb.c imxfb: Fix TFT mode 2009-03-27 14:51:15 +01:00
Kconfig fb/intelfb: conflict with DRM_I915 and hide by default 2009-07-15 16:01:55 +10:00
leo.c leo: use standard fields for framebuffer physical address and length 2009-06-16 04:56:37 -07:00
macfb.c macfb annotations and compiler warning fix 2008-12-28 20:00:05 +01:00
macmodes.c
macmodes.h
Makefile fb: add support of LCD display controller on pxa168/910 (base layer) 2009-06-13 00:09:09 +08:00
maxinefb.c
metronomefb.c metronomefb: Fix warning when building 64bit 2008-10-15 10:19:51 -07:00
modedb.c fbdev: add video modes for resolutions and timings of PAL RGB 2009-06-16 19:47:58 -07:00
mx3fb.c mx3fb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-09 20:44:44 -07:00
n411.c
neofb.c neofb: fix sparse warnings 2009-01-06 15:59:27 -08:00
offb.c fbdev: use framebuffer_release() for freeing fb_info structures 2009-06-16 19:48:00 -07:00
output.c video: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:35 -08:00
p9100.c p9100: use standard fields for framebuffer physical address and length 2009-06-16 04:56:38 -07:00
platinumfb.c fbdev: add mutex for fb_mmap locking 2009-06-30 18:56:00 -07:00
platinumfb.h
pm2fb.c fbdev: use framebuffer_release() for freeing fb_info structures 2009-06-16 19:48:00 -07:00
pm3fb.c pm3fb: fix sparse warning 2009-01-06 15:59:27 -08:00
pmag-aa-fb.c
pmag-ba-fb.c video: struct device - replace bus_id with dev_name(), dev_set_name() 2009-03-24 16:38:21 -07:00
pmagb-b-fb.c video: struct device - replace bus_id with dev_name(), dev_set_name() 2009-03-24 16:38:21 -07:00
ps3fb.c ps3fb: Use ps3_system_bus_[gs]et_drvdata() instead of direct access 2009-06-15 16:47:25 +10:00
pvr2fb.c sh: dma: Make PVR2 DMA configurable. 2009-03-17 09:30:36 +09:00
pxa168fb.c fb: add support of LCD display controller on pxa168/910 (base layer) 2009-06-13 00:09:09 +08:00
pxa168fb.h fb: add support of LCD display controller on pxa168/910 (base layer) 2009-06-13 00:09:09 +08:00
pxafb.c fbdev: add mutex for fb_mmap locking 2009-06-30 18:56:00 -07:00
pxafb.h [ARM] pxafb: add support for overlay1 and overlay2 as framebuffer devices 2008-12-29 18:00:04 +08:00
q40fb.c
s1d13xxxfb.c fbdev: s1d13xxxfb: add accelerated bitblt functions 2009-06-16 19:48:00 -07:00
s3c2410fb.c s3c-fb: CPUFREQ frequency scaling support 2009-06-16 19:47:59 -07:00
s3c2410fb.h s3c-fb: CPUFREQ frequency scaling support 2009-06-16 19:47:59 -07:00
s3c-fb.c s3c-fb: fix off-by-one bug in loop indexes 2009-07-29 19:10:34 -07:00
s3fb.c s3fb: fix color component length for pseudocolor modes 2009-04-13 15:04:29 -07:00
sa1100fb.c sa1100fb: fix color component length for pseudocolor modes 2009-04-13 15:04:29 -07:00
sa1100fb.h sa1100fb: fix color component length for pseudocolor modes 2009-04-13 15:04:29 -07:00
sbuslib.c sparc video: remove open boot prom code 2008-05-08 21:37:30 -07:00
sbuslib.h sparc video: remove open boot prom code 2008-05-08 21:37:30 -07:00
sgivwfb.c drivers/video/sgivwfb.c: fix memory leaks in removal path 2009-04-01 08:59:30 -07:00
sh7760fb.c fbdev: add mutex for fb_mmap locking 2009-06-30 18:56:00 -07:00
sh_mobile_lcdcfb.c video: sh_mobile_lcdcfb: Convert to framebuffer_alloc(). 2009-07-07 11:24:32 +09:00
skeletonfb.c fbdev: fix color component field length documentation 2009-04-13 15:04:29 -07:00
sm501fb.c sm501fb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-09 20:44:44 -07:00
sstfb.c sstfb: check fb_alloc_cmap return value and handle failure properly 2009-04-01 08:59:30 -07:00
sticore.h video/console/stico{n,re}.c: make code static 2008-07-26 12:00:12 -07:00
stifb.c Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
sunxvr500.c sunxvr500: fix cmap memory leaks 2009-04-01 08:59:31 -07:00
sunxvr2500.c sparc video: remove open boot prom code 2008-05-08 21:37:30 -07:00
svgalib.c
syscopyarea.c
sysfillrect.c fbdev: fix fillrect for 24bpp modes 2009-05-06 16:36:10 -07:00
sysimgblt.c
tcx.c tcx: use standard fields for framebuffer physical address and length 2009-06-16 19:48:00 -07:00
tdfxfb.c i2c: Do not probe for TV chips on Voodoo3 adapters 2009-06-15 18:01:48 +02:00
tgafb.c tgafb: fix cmap memory leak 2009-04-01 08:59:31 -07:00
tmiofb.c video: struct device - replace bus_id with dev_name(), dev_set_name() 2009-03-24 16:38:21 -07:00
tridentfb.c tridentfb: delete acceleration Kconfig option 2009-04-01 08:59:34 -07:00
uvesafb.c uvesafb: improve parameter handling. 2009-06-12 21:46:59 +09:30
valkyriefb.c valkyriefb: check fb_alloc_cmap return value and handle failure properly 2009-04-01 08:59:31 -07:00
valkyriefb.h
vesafb.c fbdev: add support for handoff from firmware to hw framebuffers 2009-06-16 19:48:00 -07:00
vfb.c fbdev: fix color component field length documentation 2009-04-13 15:04:29 -07:00
vga16fb.c vga16fb: remove open_lock mutex 2008-10-16 11:21:42 -07:00
vgastate.c
vt8623fb.c removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
w100fb.c w100fb: fix regression with uninitalized fb_info->mm_lock mutex 2009-07-08 09:19:49 -07:00
w100fb.h
xen-fbfront.c xen: remove driver_data direct access of struct device from more drivers 2009-06-15 21:30:28 -07:00
xilinxfb.c fbdev/xilinxfb: Fix improper casting and tighen up probe path 2009-06-17 00:30:02 -06:00