| Message ID | 20250402083628.20111-5-angelogioacchino.delregno@collabora.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | drm/mediatek: Cleanups and sanitization | expand |
On Wed, Apr 2, 2025 at 4:36 PM AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> wrote: > > The OVL driver is installing an ISR in the probe function but, if > the component is not bound yet, the interrupt handler may call the > vblank_cb ahead of time (while probing other drivers) or too late > (while removing other drivers), possibly accessing memory that it > should not try to access by reusing stale pointers. > > In order to fix this, add a new `irq` member to struct mtk_disp_ovl > and then set the NOAUTOEN flag to the irq before installing the ISR > to manually call enable_irq() and disable_irq() in the bind and > unbind callbacks respectively. > > Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> > --- > drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 19 +++++++++++++------ > 1 file changed, 13 insertions(+), 6 deletions(-) > > diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c > index df82cea4bb79..1bff3a1273f6 100644 > --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c > +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c > @@ -161,6 +161,7 @@ struct mtk_disp_ovl { > struct drm_crtc *crtc; > struct clk *clk; > void __iomem *regs; > + int irq; > struct cmdq_client_reg cmdq_reg; > const struct mtk_disp_ovl_data *data; > void (*vblank_cb)(void *data); > @@ -587,12 +588,18 @@ void mtk_ovl_bgclr_in_off(struct device *dev) > static int mtk_disp_ovl_bind(struct device *dev, struct device *master, > void *data) > { > + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); > + > + enable_irq(priv->irq); > return 0; > } > > static void mtk_disp_ovl_unbind(struct device *dev, struct device *master, > void *data) > { > + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); > + > + disable_irq(priv->irq); > } > > static const struct component_ops mtk_disp_ovl_component_ops = { > @@ -605,16 +612,15 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) > struct device *dev = &pdev->dev; > struct mtk_disp_ovl *priv; > struct resource *res; > - int irq; > int ret; > > priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); > if (!priv) > return -ENOMEM; > > - irq = platform_get_irq(pdev, 0); > - if (irq < 0) > - return irq; > + priv->irq = platform_get_irq(pdev, 0); > + if (priv->irq < 0) > + return priv->irq; > > priv->clk = devm_clk_get(dev, NULL); > if (IS_ERR(priv->clk)) > @@ -635,10 +641,11 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) > priv->data = of_device_get_match_data(dev); > platform_set_drvdata(pdev, priv); > > - ret = devm_request_irq(dev, irq, mtk_disp_ovl_irq_handler, > + irq_set_status_flags(priv->irq, IRQ_NOAUTOEN); > + ret = devm_request_irq(dev, priv->irq, mtk_disp_ovl_irq_handler, > IRQF_TRIGGER_NONE, dev_name(dev), priv); Use IRQF_NO_AUTOEN here? Also, IRQF_TRIGGER_NONE can be dropped. Make sense otherwise. ChenYu > if (ret < 0) > - return dev_err_probe(dev, ret, "Failed to request irq %d\n", irq); > + return dev_err_probe(dev, ret, "Failed to request irq %d\n", priv->irq); > > pm_runtime_enable(dev); > > -- > 2.48.1 >
Il 02/04/25 11:38, Chen-Yu Tsai ha scritto: > On Wed, Apr 2, 2025 at 4:36 PM AngeloGioacchino Del Regno > <angelogioacchino.delregno@collabora.com> wrote: >> >> The OVL driver is installing an ISR in the probe function but, if >> the component is not bound yet, the interrupt handler may call the >> vblank_cb ahead of time (while probing other drivers) or too late >> (while removing other drivers), possibly accessing memory that it >> should not try to access by reusing stale pointers. >> >> In order to fix this, add a new `irq` member to struct mtk_disp_ovl >> and then set the NOAUTOEN flag to the irq before installing the ISR >> to manually call enable_irq() and disable_irq() in the bind and >> unbind callbacks respectively. >> >> Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") >> Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> >> --- >> drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 19 +++++++++++++------ >> 1 file changed, 13 insertions(+), 6 deletions(-) >> >> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c >> index df82cea4bb79..1bff3a1273f6 100644 >> --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c >> +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c >> @@ -161,6 +161,7 @@ struct mtk_disp_ovl { >> struct drm_crtc *crtc; >> struct clk *clk; >> void __iomem *regs; >> + int irq; >> struct cmdq_client_reg cmdq_reg; >> const struct mtk_disp_ovl_data *data; >> void (*vblank_cb)(void *data); >> @@ -587,12 +588,18 @@ void mtk_ovl_bgclr_in_off(struct device *dev) >> static int mtk_disp_ovl_bind(struct device *dev, struct device *master, >> void *data) >> { >> + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); >> + >> + enable_irq(priv->irq); >> return 0; >> } >> >> static void mtk_disp_ovl_unbind(struct device *dev, struct device *master, >> void *data) >> { >> + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); >> + >> + disable_irq(priv->irq); >> } >> >> static const struct component_ops mtk_disp_ovl_component_ops = { >> @@ -605,16 +612,15 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) >> struct device *dev = &pdev->dev; >> struct mtk_disp_ovl *priv; >> struct resource *res; >> - int irq; >> int ret; >> >> priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); >> if (!priv) >> return -ENOMEM; >> >> - irq = platform_get_irq(pdev, 0); >> - if (irq < 0) >> - return irq; >> + priv->irq = platform_get_irq(pdev, 0); >> + if (priv->irq < 0) >> + return priv->irq; >> >> priv->clk = devm_clk_get(dev, NULL); >> if (IS_ERR(priv->clk)) >> @@ -635,10 +641,11 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) >> priv->data = of_device_get_match_data(dev); >> platform_set_drvdata(pdev, priv); >> >> - ret = devm_request_irq(dev, irq, mtk_disp_ovl_irq_handler, >> + irq_set_status_flags(priv->irq, IRQ_NOAUTOEN); >> + ret = devm_request_irq(dev, priv->irq, mtk_disp_ovl_irq_handler, >> IRQF_TRIGGER_NONE, dev_name(dev), priv); > > Use IRQF_NO_AUTOEN here? Also, IRQF_TRIGGER_NONE can be dropped. > Yeah, nice one. Thanks! Cheers, Angelo > Make sense otherwise. > > ChenYu > >> if (ret < 0) >> - return dev_err_probe(dev, ret, "Failed to request irq %d\n", irq); >> + return dev_err_probe(dev, ret, "Failed to request irq %d\n", priv->irq); >> >> pm_runtime_enable(dev); >> >> -- >> 2.48.1 >>
diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c index df82cea4bb79..1bff3a1273f6 100644 --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c @@ -161,6 +161,7 @@ struct mtk_disp_ovl { struct drm_crtc *crtc; struct clk *clk; void __iomem *regs; + int irq; struct cmdq_client_reg cmdq_reg; const struct mtk_disp_ovl_data *data; void (*vblank_cb)(void *data); @@ -587,12 +588,18 @@ void mtk_ovl_bgclr_in_off(struct device *dev) static int mtk_disp_ovl_bind(struct device *dev, struct device *master, void *data) { + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); + + enable_irq(priv->irq); return 0; } static void mtk_disp_ovl_unbind(struct device *dev, struct device *master, void *data) { + struct mtk_disp_ovl *priv = dev_get_drvdata(dev); + + disable_irq(priv->irq); } static const struct component_ops mtk_disp_ovl_component_ops = { @@ -605,16 +612,15 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) struct device *dev = &pdev->dev; struct mtk_disp_ovl *priv; struct resource *res; - int irq; int ret; priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; - irq = platform_get_irq(pdev, 0); - if (irq < 0) - return irq; + priv->irq = platform_get_irq(pdev, 0); + if (priv->irq < 0) + return priv->irq; priv->clk = devm_clk_get(dev, NULL); if (IS_ERR(priv->clk)) @@ -635,10 +641,11 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) priv->data = of_device_get_match_data(dev); platform_set_drvdata(pdev, priv); - ret = devm_request_irq(dev, irq, mtk_disp_ovl_irq_handler, + irq_set_status_flags(priv->irq, IRQ_NOAUTOEN); + ret = devm_request_irq(dev, priv->irq, mtk_disp_ovl_irq_handler, IRQF_TRIGGER_NONE, dev_name(dev), priv); if (ret < 0) - return dev_err_probe(dev, ret, "Failed to request irq %d\n", irq); + return dev_err_probe(dev, ret, "Failed to request irq %d\n", priv->irq); pm_runtime_enable(dev);
The OVL driver is installing an ISR in the probe function but, if the component is not bound yet, the interrupt handler may call the vblank_cb ahead of time (while probing other drivers) or too late (while removing other drivers), possibly accessing memory that it should not try to access by reusing stale pointers. In order to fix this, add a new `irq` member to struct mtk_disp_ovl and then set the NOAUTOEN flag to the irq before installing the ISR to manually call enable_irq() and disable_irq() in the bind and unbind callbacks respectively. Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> --- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-)