Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932733AbdDGJZL (ORCPT ); Fri, 7 Apr 2017 05:25:11 -0400 Received: from regular1.263xmail.com ([211.150.99.133]:58213 "EHLO regular1.263xmail.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932563AbdDGJZE (ORCPT ); Fri, 7 Apr 2017 05:25:04 -0400 X-263anti-spam: KSV:0; X-MAIL-GRAY: 0 X-MAIL-DELIVERY: 1 X-KSVirus-check: 0 X-ABS-CHECKED: 4 X-RL-SENDER: jeffy.chen@rock-chips.com X-FST-TO: linux-kernel@vger.kernel.org X-SENDER-IP: 103.29.142.67 X-LOGIN-NAME: jeffy.chen@rock-chips.com X-UNIQUE-TAG: <4d9e26b60b60d77145bd3ac359c22955> X-ATTACHMENT-NUM: 0 X-DNS-TYPE: 0 Message-ID: <58E75AEB.6070700@rock-chips.com> Date: Fri, 07 Apr 2017 17:24:59 +0800 From: jeffy User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20130126 Thunderbird/19.0 MIME-Version: 1.0 To: linux-kernel@vger.kernel.org, briannorris@chromium.org, dianders@chromium.org, tfiga@chromium.org, dri-devel@lists.freedesktop.org, zyw@rock-chips.com, Daniel Vetter Subject: Re: [PATCH v5 12/12] drm/drm_ioctl.c: Break ioctl when drm device not registered References: <1491481885-13775-1-git-send-email-jeffy.chen@rock-chips.com> <1491481885-13775-13-git-send-email-jeffy.chen@rock-chips.com> <20170407071659.hwf5f7jf2bjjdata@phenom.ffwll.local> In-Reply-To: <20170407071659.hwf5f7jf2bjjdata@phenom.ffwll.local> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1843 Lines: 60 Hi Daniel, On 04/07/2017 03:16 PM, Daniel Vetter wrote: > On Thu, Apr 06, 2017 at 08:31:25PM +0800, Jeffy Chen wrote: >> After unbinding drm, the user space may still owns the drm dev fd, >> and may still be able to call drm ioctl. >> >> Add a sanity check here to prevent that from happening. >> >> Signed-off-by: Jeffy Chen >> --- >> >> Changes in v5: None >> Changes in v4: None >> Changes in v3: None >> Changes in v2: None >> >> drivers/gpu/drm/drm_ioctl.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c >> index 7d6deaa..15beb11 100644 >> --- a/drivers/gpu/drm/drm_ioctl.c >> +++ b/drivers/gpu/drm/drm_ioctl.c >> @@ -674,7 +674,7 @@ long drm_ioctl(struct file *filp, >> >> dev = file_priv->minor->dev; >> >> - if (drm_device_is_unplugged(dev)) >> + if (drm_device_is_unplugged(dev) || !dev->registered) > > Shouldn't we instead automatically unplug the device in > drm_dev_unregister, instead of sprinkling tons of drm_device_is_unplugged > || !registered all over the place? > it looks like the drm_unplug_dev would call drm_dev_unregister... maybe we can: 1/ replace the dev_unplug_dev in udl_drv.c to drm_dev_unregister 2/ call dev_unplug_dev in drm_dev_unregister, and remove drm_dev_unregister in dev_unplug_dev 3/ add a drm_plug_dev or drm_device_set_plugged, and call it in drm_dev_register > That should catch a few more issues where userspace might creep into the > driver after unregistering ... > -Daniel > >> return -ENODEV; >> >> is_driver_ioctl = nr >= DRM_COMMAND_BASE && nr < DRM_COMMAND_END; >> -- >> 2.1.4 >> >> >> _______________________________________________ >> dri-devel mailing list >> dri-devel@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/dri-devel >