Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932535AbdDGHRL (ORCPT <rfc822;w@1wt.eu>);
        Fri, 7 Apr 2017 03:17:11 -0400
Received: from mail-wr0-f194.google.com ([209.85.128.194]:33566 "EHLO
        mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753038AbdDGHRD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 7 Apr 2017 03:17:03 -0400
Date: Fri, 7 Apr 2017 09:16:59 +0200
From: Daniel Vetter <daniel@ffwll.ch>
To: Jeffy Chen <jeffy.chen@rock-chips.com>
Cc: linux-kernel@vger.kernel.org, briannorris@chromium.org,
        dianders@chromium.org, tfiga@chromium.org,
        dri-devel@lists.freedesktop.org, zyw@rock-chips.com,
        Daniel Vetter <daniel.vetter@intel.com>
Subject: Re: [PATCH v5 12/12] drm/drm_ioctl.c: Break ioctl when drm device
 not registered
Message-ID: <20170407071659.hwf5f7jf2bjjdata@phenom.ffwll.local>
Mail-Followup-To: Jeffy Chen <jeffy.chen@rock-chips.com>,
        linux-kernel@vger.kernel.org, briannorris@chromium.org,
        dianders@chromium.org, tfiga@chromium.org,
        dri-devel@lists.freedesktop.org, zyw@rock-chips.com,
        Daniel Vetter <daniel.vetter@intel.com>
References: <1491481885-13775-1-git-send-email-jeffy.chen@rock-chips.com>
 <1491481885-13775-13-git-send-email-jeffy.chen@rock-chips.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1491481885-13775-13-git-send-email-jeffy.chen@rock-chips.com>
X-Operating-System: Linux phenom 4.9.0-2-amd64 
User-Agent: NeoMutt/20170306 (1.8.0)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1492
Lines: 52

On Thu, Apr 06, 2017 at 08:31:25PM +0800, Jeffy Chen wrote:
> After unbinding drm, the user space may still owns the drm dev fd,
> and may still be able to call drm ioctl.
> 
> Add a sanity check here to prevent that from happening.
> 
> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
> ---
> 
> Changes in v5: None
> Changes in v4: None
> Changes in v3: None
> Changes in v2: None
> 
>  drivers/gpu/drm/drm_ioctl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
> index 7d6deaa..15beb11 100644
> --- a/drivers/gpu/drm/drm_ioctl.c
> +++ b/drivers/gpu/drm/drm_ioctl.c
> @@ -674,7 +674,7 @@ long drm_ioctl(struct file *filp,
>  
>  	dev = file_priv->minor->dev;
>  
> -	if (drm_device_is_unplugged(dev))
> +	if (drm_device_is_unplugged(dev) || !dev->registered)

Shouldn't we instead automatically unplug the device in
drm_dev_unregister, instead of sprinkling tons of drm_device_is_unplugged
|| !registered all over the place?

That should catch a few more issues where userspace might creep into the
driver after unregistering ...
-Daniel

>  		return -ENODEV;
>  
>  	is_driver_ioctl = nr >= DRM_COMMAND_BASE && nr < DRM_COMMAND_END;
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch