Hi,
I've found a few potential issues left after the hotplug rework.
In vc4_hdmi.c we're missing two mutex_unlock() calls when the device is
unplugged.
vc4_crtc and vc4_plane seem to miss some drm_dev_enter()/drm_dev_exit() calls
to protect against resource access after the device/driver is unbound, but the
DRM potentially isn't freed yet and userspace can still call into the driver.
Changes in v2:
- Use drm_device pointer from struct drm_plane (Maxime)
- Protect entire functions to increase readability (Maxime)
- Add another patch to fix an uncovered MMIO access in vc4_hvs.c
Changes in v3:
- vc4_plane: Actually protect entire functions to increase readability (Maxime)
Danilo Krummrich (4):
drm/vc4: hdmi: unlock mutex when device is unplugged
drm/vc4: plane: protect device resources after removal
drm/vc4: crtc: protect device resources after removal
drm/vc4: hvs: protect drm_print_regset32()
drivers/gpu/drm/vc4/vc4_crtc.c | 41 ++++++++++++++++++++++++++++++++-
drivers/gpu/drm/vc4/vc4_hdmi.c | 7 ++++--
drivers/gpu/drm/vc4/vc4_hvs.c | 4 ++--
drivers/gpu/drm/vc4/vc4_plane.c | 20 ++++++++++++++++
4 files changed, 67 insertions(+), 5 deletions(-)
base-commit: 4d07b0bc403403438d9cf88450506240c5faf92f
--
2.37.2
In vc4_hdmi_encoder_{pre,post}_crtc_enable() commit cd00ed5187bf
("drm/vc4: hdmi: Protect device resources after removal") missed to
unlock the mutex before returning due to drm_dev_enter() indicating the
device being unplugged.
Fixes: cd00ed5187bf ("drm/vc4: hdmi: Protect device resources after removal")
Signed-off-by: Danilo Krummrich <[email protected]>
---
drivers/gpu/drm/vc4/vc4_hdmi.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index 84e5a91c2ea7..4d3ff51ad2a8 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -1425,7 +1425,7 @@ static void vc4_hdmi_encoder_pre_crtc_enable(struct drm_encoder *encoder,
mutex_lock(&vc4_hdmi->mutex);
if (!drm_dev_enter(drm, &idx))
- return;
+ goto out;
if (vc4_hdmi->variant->csc_setup)
vc4_hdmi->variant->csc_setup(vc4_hdmi, conn_state, mode);
@@ -1436,6 +1436,7 @@ static void vc4_hdmi_encoder_pre_crtc_enable(struct drm_encoder *encoder,
drm_dev_exit(idx);
+out:
mutex_unlock(&vc4_hdmi->mutex);
}
@@ -1455,7 +1456,7 @@ static void vc4_hdmi_encoder_post_crtc_enable(struct drm_encoder *encoder,
mutex_lock(&vc4_hdmi->mutex);
if (!drm_dev_enter(drm, &idx))
- return;
+ goto out;
spin_lock_irqsave(&vc4_hdmi->hw_lock, flags);
@@ -1516,6 +1517,8 @@ static void vc4_hdmi_encoder_post_crtc_enable(struct drm_encoder *encoder,
vc4_hdmi_enable_scrambling(encoder);
drm_dev_exit(idx);
+
+out:
mutex_unlock(&vc4_hdmi->mutex);
}
--
2.37.2
On Wed, 24 Aug 2022 18:13:23 +0200, Danilo Krummrich wrote:
> I've found a few potential issues left after the hotplug rework.
>
> In vc4_hdmi.c we're missing two mutex_unlock() calls when the device is
> unplugged.
>
> vc4_crtc and vc4_plane seem to miss some drm_dev_enter()/drm_dev_exit() calls
> to protect against resource access after the device/driver is unbound, but the
> DRM potentially isn't freed yet and userspace can still call into the driver.
>
> [...]
Applied to drm/drm-misc (drm-misc-next).
Thanks!
Maxime