[drm-misc-next,0/3] Fixes for vc4 hotplug rework

Message ID	20220819002905.82095-1-dakr@redhat.com (mailing list archive)
Headers	show Return-Path: <dri-devel-bounces@lists.freedesktop.org> From: Danilo Krummrich <dakr@redhat.com> To: daniel@ffwll.ch, airlied@linux.ie, tzimmermann@suse.de, mripard@kernel.org Subject: [PATCH drm-misc-next 0/3] Fixes for vc4 hotplug rework Date: Fri, 19 Aug 2022 02:29:02 +0200 Message-Id: <20220819002905.82095-1-dakr@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true Precedence: list Cc: Danilo Krummrich <dakr@redhat.com>, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
Series	Fixes for vc4 hotplug rework \| expand [drm-misc-next,0/3] Fixes for vc4 hotplug rework [drm-misc-next,1/3] drm/vc4: hdmi: unlock mutex when device is unplugged [drm-misc-next,2/3] drm/vc4: plane: protect device resources after removal [drm-misc-next,3/3] drm/vc4: crtc: protect device resources after removal

Message ID

20220819002905.82095-1-dakr@redhat.com (mailing list archive)

Headers

From: Danilo Krummrich <dakr@redhat.com>
To: daniel@ffwll.ch, airlied@linux.ie, tzimmermann@suse.de, mripard@kernel.org
Subject: [PATCH drm-misc-next 0/3] Fixes for vc4 hotplug rework
Date: Fri, 19 Aug 2022 02:29:02 +0200
Message-Id: <20220819002905.82095-1-dakr@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
Precedence: list
Cc: Danilo Krummrich <dakr@redhat.com>, linux-kernel@vger.kernel.org,
 dri-devel@lists.freedesktop.org
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Series

Fixes for vc4 hotplug rework | expand

Message

Danilo Krummrich Aug. 19, 2022, 12:29 a.m. UTC

Hi,

I've found a few potential issues left after the hotplug rework.

In vc4_hdmi.c we're missing two mutex_unlock() calls when the device is
unplugged.

vc4_crtc and vc4_plane seem to miss some drm_dev_enter()/drm_dev_exit() calls
to protect against resource access after the device/driver is unbound, but the
DRM potentially isn't freed yet and userspace can still call into the driver.

Danilo Krummrich (3):
  drm/vc4: hdmi: unlock mutex when device is unplugged
  drm/vc4: plane: protect device resources after removal
  drm/vc4: crtc: protect device resources after removal

 drivers/gpu/drm/vc4/vc4_crtc.c  | 41 ++++++++++++++++++++++++++++++++-
 drivers/gpu/drm/vc4/vc4_drv.h   |  1 +
 drivers/gpu/drm/vc4/vc4_hdmi.c  |  7 ++++--
 drivers/gpu/drm/vc4/vc4_plane.c | 25 ++++++++++++++++++++
 4 files changed, 71 insertions(+), 3 deletions(-)


base-commit: 8ba9249396bef37cb68be9e8dee7847f1737db9d

Comments

Maxime Ripard Aug. 19, 2022, 7:26 a.m. UTC | #1

Hi,

On Fri, Aug 19, 2022 at 02:29:04AM +0200, Danilo Krummrich wrote:
> (Hardware) resources which are bound to the driver and device lifecycle
> must not be accessed after the device and driver are unbound.
> 
> However, the DRM device isn't freed as long as the last user closed it,
> hence userspace can still call into the driver.
> 
> Therefore protect the critical sections which are accessing those
> resources with drm_dev_enter() and drm_dev_exit().

Ah good catch, thanks

> Fixes: 9872c7a31921 ("drm/vc4: plane: Switch to drmm_universal_plane_alloc()")
> Signed-off-by: Danilo Krummrich <dakr@redhat.com>
> ---
>  drivers/gpu/drm/vc4/vc4_drv.h   |  1 +
>  drivers/gpu/drm/vc4/vc4_plane.c | 25 +++++++++++++++++++++++++
>  2 files changed, 26 insertions(+)
> 
> diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
> index 418a8242691f..80da9a9337cc 100644
> --- a/drivers/gpu/drm/vc4/vc4_drv.h
> +++ b/drivers/gpu/drm/vc4/vc4_drv.h
> @@ -341,6 +341,7 @@ struct vc4_hvs {
>  
>  struct vc4_plane {
>  	struct drm_plane base;
> +	struct drm_device *dev;

That pointer already exists in struct drm_plane

Looks good otherwise

Maxime

Danilo Krummrich Aug. 19, 2022, 11:11 a.m. UTC | #2

Hi Maxime,

On 8/19/22 09:26, Maxime Ripard wrote:
> Hi,
> 
> On Fri, Aug 19, 2022 at 02:29:04AM +0200, Danilo Krummrich wrote:
>> (Hardware) resources which are bound to the driver and device lifecycle
>> must not be accessed after the device and driver are unbound.
>>
>> However, the DRM device isn't freed as long as the last user closed it,
>> hence userspace can still call into the driver.
>>
>> Therefore protect the critical sections which are accessing those
>> resources with drm_dev_enter() and drm_dev_exit().
> 
> Ah good catch, thanks
> 
>> Fixes: 9872c7a31921 ("drm/vc4: plane: Switch to drmm_universal_plane_alloc()")
>> Signed-off-by: Danilo Krummrich <dakr@redhat.com>
>> ---
>>   drivers/gpu/drm/vc4/vc4_drv.h   |  1 +
>>   drivers/gpu/drm/vc4/vc4_plane.c | 25 +++++++++++++++++++++++++
>>   2 files changed, 26 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
>> index 418a8242691f..80da9a9337cc 100644
>> --- a/drivers/gpu/drm/vc4/vc4_drv.h
>> +++ b/drivers/gpu/drm/vc4/vc4_drv.h
>> @@ -341,6 +341,7 @@ struct vc4_hvs {
>>   
>>   struct vc4_plane {
>>   	struct drm_plane base;
>> +	struct drm_device *dev;
> 
> That pointer already exists in struct drm_plane
Oops, I've sent a v2. Also addressing your comment from the other patch.

- Danilo
> 
> Looks good otherwise
> 
> Maxime