2022-10-01 01:38:01

by Danilo Krummrich

[permalink] [raw]
Subject: [PATCH drm-misc-next v3 5/7] drm/arm/hdlcd: crtc: protect device resources after removal

(Hardware) resources which are bound to the driver and device lifecycle
must not be accessed after the device and driver are unbound.

However, the DRM device isn't freed as long as the last user didn't
close it, hence userspace can still call into the driver.

Therefore protect the critical sections which are accessing those
resources with drm_dev_enter() and drm_dev_exit().

Signed-off-by: Danilo Krummrich <[email protected]>
---
drivers/gpu/drm/arm/hdlcd_crtc.c | 60 +++++++++++++++++++++++++++++---
1 file changed, 55 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/arm/hdlcd_crtc.c b/drivers/gpu/drm/arm/hdlcd_crtc.c
index 1de0f7b23766..7ce88fb6e822 100644
--- a/drivers/gpu/drm/arm/hdlcd_crtc.c
+++ b/drivers/gpu/drm/arm/hdlcd_crtc.c
@@ -18,6 +18,7 @@
#include <drm/drm_atomic.h>
#include <drm/drm_atomic_helper.h>
#include <drm/drm_crtc.h>
+#include <drm/drm_drv.h>
#include <drm/drm_fb_dma_helper.h>
#include <drm/drm_fb_helper.h>
#include <drm/drm_framebuffer.h>
@@ -39,28 +40,50 @@
static void hdlcd_crtc_cleanup(struct drm_crtc *crtc)
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
+ int idx;
+
+ if (!drm_dev_enter(crtc->dev, &idx))
+ goto cleanup;

/* stop the controller on cleanup */
hdlcd_write(hdlcd, HDLCD_REG_COMMAND, 0);
+
+ drm_dev_exit(idx);
+
+cleanup:
drm_crtc_cleanup(crtc);
}

static int hdlcd_crtc_enable_vblank(struct drm_crtc *crtc)
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
- unsigned int mask = hdlcd_read(hdlcd, HDLCD_REG_INT_MASK);
+ unsigned int mask;
+ int idx;

+ if (!drm_dev_enter(crtc->dev, &idx))
+ return -ENODEV;
+
+ mask = hdlcd_read(hdlcd, HDLCD_REG_INT_MASK);
hdlcd_write(hdlcd, HDLCD_REG_INT_MASK, mask | HDLCD_INTERRUPT_VSYNC);

+ drm_dev_exit(idx);
+
return 0;
}

static void hdlcd_crtc_disable_vblank(struct drm_crtc *crtc)
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
- unsigned int mask = hdlcd_read(hdlcd, HDLCD_REG_INT_MASK);
+ unsigned int mask;
+ int idx;

+ if (!drm_dev_enter(crtc->dev, &idx))
+ return;
+
+ mask = hdlcd_read(hdlcd, HDLCD_REG_INT_MASK);
hdlcd_write(hdlcd, HDLCD_REG_INT_MASK, mask & ~HDLCD_INTERRUPT_VSYNC);
+
+ drm_dev_exit(idx);
}

static const struct drm_crtc_funcs hdlcd_crtc_funcs = {
@@ -171,21 +194,33 @@ static void hdlcd_crtc_atomic_enable(struct drm_crtc *crtc,
struct drm_atomic_state *state)
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
+ int idx;
+
+ if (!drm_dev_enter(crtc->dev, &idx))
+ return;

clk_prepare_enable(hdlcd->clk);
hdlcd_crtc_mode_set_nofb(crtc);
hdlcd_write(hdlcd, HDLCD_REG_COMMAND, 1);
drm_crtc_vblank_on(crtc);
+
+ drm_dev_exit(idx);
}

static void hdlcd_crtc_atomic_disable(struct drm_crtc *crtc,
struct drm_atomic_state *state)
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
+ int idx;
+
+ if (!drm_dev_enter(crtc->dev, &idx))
+ return;

drm_crtc_vblank_off(crtc);
hdlcd_write(hdlcd, HDLCD_REG_COMMAND, 0);
clk_disable_unprepare(hdlcd->clk);
+
+ drm_dev_exit(idx);
}

static enum drm_mode_status hdlcd_crtc_mode_valid(struct drm_crtc *crtc,
@@ -193,15 +228,23 @@ static enum drm_mode_status hdlcd_crtc_mode_valid(struct drm_crtc *crtc,
{
struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
long rate, clk_rate = mode->clock * 1000;
+ enum drm_mode_status status = MODE_OK;
+ int idx;
+
+ if (!drm_dev_enter(crtc->dev, &idx))
+ return MODE_NOCLOCK;

rate = clk_round_rate(hdlcd->clk, clk_rate);
/* 0.1% seems a close enough tolerance for the TDA19988 on Juno */
if (abs(rate - clk_rate) * 1000 > clk_rate) {
/* clock required by mode not supported by hardware */
- return MODE_NOCLOCK;
+ status = MODE_NOCLOCK;
+ goto out;
}

- return MODE_OK;
+out:
+ drm_dev_exit(idx);
+ return status;
}

static void hdlcd_crtc_atomic_begin(struct drm_crtc *crtc,
@@ -268,10 +311,14 @@ static void hdlcd_plane_atomic_update(struct drm_plane *plane,
struct hdlcd_drm_private *hdlcd;
u32 dest_h;
dma_addr_t scanout_start;
+ int idx;

- if (!fb)
+ if (!drm_dev_enter(plane->dev, &idx))
return;

+ if (!fb)
+ goto out;
+
dest_h = drm_rect_height(&new_plane_state->dst);
scanout_start = drm_fb_dma_get_gem_addr(fb, new_plane_state, 0);

@@ -280,6 +327,9 @@ static void hdlcd_plane_atomic_update(struct drm_plane *plane,
hdlcd_write(hdlcd, HDLCD_REG_FB_LINE_PITCH, fb->pitches[0]);
hdlcd_write(hdlcd, HDLCD_REG_FB_LINE_COUNT, dest_h - 1);
hdlcd_write(hdlcd, HDLCD_REG_FB_BASE, scanout_start);
+
+out:
+ drm_dev_exit(idx);
}

static const struct drm_plane_helper_funcs hdlcd_plane_helper_funcs = {
--
2.37.3