From patchwork Sun Sep 24 19:25:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Jernej_=C5=A0krabec?=
 <jernej.skrabec@gmail.com>
X-Patchwork-Id: 13397069
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 47CFCCE7A8F
	for <linux-arm-kernel@archiver.kernel.org>;
 Sun, 24 Sep 2023 19:26:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=yq3gJgLu1OOhreK8oy/D70jDO+UgAwg8b0nK5nlx/ME=; b=IUkqNZdG299KuL
	N8LjsZq5imDNNa44xHBmu67XTpUeqdKWj6zPv/Xgyu91aucmfg2ToJJ/rSJjBKZSFbPI4nBHtg2qx
	91k5r893SRlmhLpZAsHkm+Li4hv1M7vywCmAiGryM28aFTFgk3Zm0mn3ZkGgnd5taaER8PACIzQmy
	aH4hUTZKnVQce+U27RHMh6rNP/E5+fSfdNv4oi+nxWkUEgaLgPh/4JjyQGxC/OWLGcBKNjEFZOeHR
	+CrW0HxyEk6LweQX6VYXf4/vvKn2XqvplI7Mn+aiLqfO1QHXW5ZqXbxtqmtfPwTwbXCTmqc23U8JC
	XAh2XgHebhi6iy9US55A==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1qkUkK-00CgYA-1M;
	Sun, 24 Sep 2023 19:26:24 +0000
Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1qkUkB-00CgTu-3A
	for linux-arm-kernel@lists.infradead.org;
	Sun, 24 Sep 2023 19:26:17 +0000
Received: by mail-ej1-x635.google.com with SMTP id
 a640c23a62f3a-9b275afb6abso281653766b.1
        for <linux-arm-kernel@lists.infradead.org>;
 Sun, 24 Sep 2023 12:26:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1695583575; x=1696188375;
 darn=lists.infradead.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=7GGwz4wHTU6Hq3RRU7lNI3Q1wc2dl9iWY5fWoPCz14w=;
        b=ZNfcFMQvOn+R3g6xLUmmB3PeiCvh6jSeVySyKNM88hmZlF5YSWn3KzH/J1CWqg8UcL
         Gk12xPeJJiR+BDKfSAEb29ldjMuEZt5rtCWqyfjy7esJrJcqmISXeCwnt0T8St1BDgYQ
         i8UjW6x2sahY5NWywIflfT/squ3sOKwL34sjdFely8nwp9TK7i0qQ4xqZ4l93R6b21T0
         4NH3cStdDTNN4TS91tmOmOA5bzvkGMJESBi9WcTCabye/29FhyQ+3/ediqZU1vhgk444
         0tKdNc0yCfwUl6wxa3KN9cOPEycCKIXmppIoRMzGg4VYVtQN24pQ68R6faZq3zW10IA0
         tkXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1695583575; x=1696188375;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=7GGwz4wHTU6Hq3RRU7lNI3Q1wc2dl9iWY5fWoPCz14w=;
        b=OcWXf4zmhqTwFCeR7dECMvBSSd9znIcJw4y1/MRszo4kQh9+kTePxaBbCil7hlVmkE
         EHGKFBDAVJdTf3Q92nvR5Z6/vGO9q4vRFKCo2nnEojy2d2K/HUVb4UvNfUR9WRReB2ft
         2yy4sTjUk7QLEjQdA+ZWU01O9YHCIL5Wcl0gqP0tEHaSQKkEqoS22kcbB5s6vPWu5blR
         xYm2hViLh4y6wj5KPwsyCl5vIXi2Xvcprv4hyURXxohx3glNtE1O8QsXfTK7dEi7HwQy
         fS/5ikNPgq0V3M3NyTCJxo0NCqE0pebmGapJagRS4epi7K9ewqIzcEsLp3RYzx0D8UTT
         bX0w==
X-Gm-Message-State: AOJu0YzjYB/UX8SKVm1Od4UgwFTgRItgC2YQx3ZQz/Gz8a0koQN2cRiq
	zberVLAK/rEL8P9ZuDFPgEq+LFSWGz6iPg==
X-Google-Smtp-Source: 
 AGHT+IGrm0GcL+bThs+FW6loLKtnsAa0IIh3+UexCsckNUEBFlIPvms+brojuoJoSOy/PrKpwCa8JQ==
X-Received: by 2002:a17:907:ea5:b0:9a1:e0b1:e919 with SMTP id
 ho37-20020a1709070ea500b009a1e0b1e919mr13414633ejc.4.1695583574659;
        Sun, 24 Sep 2023 12:26:14 -0700 (PDT)
Received: from localhost.localdomain (82-149-12-148.dynamic.telemach.net.
 [82.149.12.148])
        by smtp.gmail.com with ESMTPSA id
 z21-20020a1709063a1500b0099d0c0bb92bsm5317632eje.80.2023.09.24.12.26.13
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 24 Sep 2023 12:26:14 -0700 (PDT)
From: Jernej Skrabec <jernej.skrabec@gmail.com>
To: mripard@kernel.org,
	wens@csie.org
Cc: airlied@gmail.com,
	daniel@ffwll.ch,
	samuel@sholland.org,
	dri-devel@lists.freedesktop.org,
	linux-arm-kernel@lists.infradead.org,
	linux-sunxi@lists.linux.dev,
	linux-kernel@vger.kernel.org,
	Jernej Skrabec <jernej.skrabec@gmail.com>
Subject: [PATCH 2/7] drm/sun4i: dw-hdmi: Remove double encoder cleanup
Date: Sun, 24 Sep 2023 21:25:59 +0200
Message-ID: <20230924192604.3262187-3-jernej.skrabec@gmail.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20230924192604.3262187-1-jernej.skrabec@gmail.com>
References: <20230924192604.3262187-1-jernej.skrabec@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230924_122616_022769_224C2A8F 
X-CRM114-Status: GOOD (  15.97  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

It turns out that comment is wrong - dw hdmi driver never does any
encoder cleanup. In fact, cleanup is done automatically, in destroy
callback of encoder. Even more, encoder memory will be freed when hdmi
device is destroyed. However, encoder will be cleaned up after that, in
drm_mode_config_cleanup(), which is called later. This will cause use
after free bug.

Remove redundant encoder cleanup, switch memory allocation to live as
long as drm object and while at it, check return code of encoder
initialization.

Fixes: b7c7436a5ff0 ("drm/sun4i: Implement A83T HDMI driver")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
---
 drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c
index 0b647b030b15..8f8d3bdba5ce 100644
--- a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c
+++ b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c
@@ -8,6 +8,7 @@
 #include <linux/of.h>
 #include <linux/platform_device.h>
 
+#include <drm/drm_managed.h>
 #include <drm/drm_modeset_helper_vtables.h>
 #include <drm/drm_of.h>
 #include <drm/drm_simple_kms_helper.h>
@@ -107,7 +108,7 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master,
 	if (!pdev->dev.of_node)
 		return -ENODEV;
 
-	hdmi = devm_kzalloc(&pdev->dev, sizeof(*hdmi), GFP_KERNEL);
+	hdmi = drmm_kzalloc(drm, sizeof(*hdmi), GFP_KERNEL);
 	if (!hdmi)
 		return -ENOMEM;
 
@@ -180,7 +181,9 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master,
 		goto err_disable_clk_tmds;
 
 	drm_encoder_helper_add(encoder, &sun8i_dw_hdmi_encoder_helper_funcs);
-	drm_simple_encoder_init(drm, encoder, DRM_MODE_ENCODER_TMDS);
+	ret = drm_simple_encoder_init(drm, encoder, DRM_MODE_ENCODER_TMDS);
+	if (ret)
+		goto err_deinit_phy;
 
 	plat_data->mode_valid = hdmi->quirks->mode_valid;
 	plat_data->use_drm_infoframe = hdmi->quirks->use_drm_infoframe;
@@ -189,20 +192,14 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master,
 	platform_set_drvdata(pdev, hdmi);
 
 	hdmi->hdmi = dw_hdmi_bind(pdev, encoder, plat_data);
-
-	/*
-	 * If dw_hdmi_bind() fails we'll never call dw_hdmi_unbind(),
-	 * which would have called the encoder cleanup.  Do it manually.
-	 */
 	if (IS_ERR(hdmi->hdmi)) {
 		ret = PTR_ERR(hdmi->hdmi);
-		goto cleanup_encoder;
+		goto err_deinit_phy;
 	}
 
 	return 0;
 
-cleanup_encoder:
-	drm_encoder_cleanup(encoder);
+err_deinit_phy:
 	sun8i_hdmi_phy_deinit(hdmi->phy);
 err_disable_clk_tmds:
 	clk_disable_unprepare(hdmi->clk_tmds);