Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp4494517pxa; Mon, 10 Aug 2020 10:21:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCUqGP/Q42vYSIbeNh07wLbY5QejoKqlrzvi+ip70g1I53RT5nSISRjRdVbOyOOMYZ8mGL X-Received: by 2002:a17:906:198e:: with SMTP id g14mr22134215ejd.266.1597080115190; Mon, 10 Aug 2020 10:21:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597080115; cv=none; d=google.com; s=arc-20160816; b=0kefRlvTt2zAUHYutBp9U4uyoRKW5RhNcVAyHLwiuvGmofedjMxt/fxH+GLPbrG3Oi UvoH3eyewLTRzuj7DnAhRfoDsxcFARR0zinZfHk4jx4MD/mXaJI6GGbR+SIpGnb5WNRO wxMwTrfW88VCWdNDNvtpI3PHf6TbLmjO+3KvkMWHVMsHeKGmP5zM0AAbFgCBExhI24L3 ciPNSjJ0z8sBo8wGmH/bW+hO8sDM2XGDv9gY6aqYCFXweVj6Bi15Kjst0iEdW8Utax+X lo/kGVvxD9tJ1k4voSeuJge8Ce5q4jaKsw5hRJp1XLsGS1rsfGqO1tQij98BqXVHj/Xj NPHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :subject:cc:to:from:date; bh=eUtxjLUFjCbW32ixla1jFMAB5U+oMdFBoG1Nkh8gKgQ=; b=zki5MolY8No5SWE5CpVzpj/IlcN2WJU4vrpjkHuXP0qPldV77Cp962Z2PNT4uQyxCG yczEv4msBEhSxoh5eaDkdhuukYykkE/u+6NHSG2lM9/FscL56oAM4Rrrdps6KWRMkJYF zxLGEJNw5FyJn0+p5paOKOWNRp0A77YBAe3APBd/qTTvFYWMkyWMhhOH2xB04ohodtYM 49KltEi73jMEnSxHqHoWAwYUJFKy6IC/ykxd20/fa3DRDZl3GRHUcs9NFvyvPYO9oa6W HO5vpVfPLIRltL9+4aZGjCmtVJcZW/2sSEyV1WUoyBEw6BgNwiKm4EZlOuS29jZK3OqG MSlg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n3si11645126eji.384.2020.08.10.10.21.30; Mon, 10 Aug 2020 10:21:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726820AbgHJRUE (ORCPT + 99 others); Mon, 10 Aug 2020 13:20:04 -0400 Received: from cmta16.telus.net ([209.171.16.89]:53268 "EHLO cmta16.telus.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725862AbgHJRUD (ORCPT ); Mon, 10 Aug 2020 13:20:03 -0400 X-Greylist: delayed 488 seconds by postgrey-1.27 at vger.kernel.org; Mon, 10 Aug 2020 13:20:02 EDT Received: from montezuma.home ([154.5.226.127]) by cmsmtp with SMTP id 5BKwkkXSG5b7l5BKykm83N; Mon, 10 Aug 2020 11:11:53 -0600 X-Telus-Authed: none X-Authority-Analysis: v=2.3 cv=YPHhNiOx c=1 sm=1 tr=0 a=f8b3WT/FcTuUJCJtQO1udw==:117 a=f8b3WT/FcTuUJCJtQO1udw==:17 a=kj9zAlcOel0A:10 a=x7bEGLp0ZPQA:10 a=COSDN44dAAMA:10 a=bG9gDjmhPuXUG-eiuMMA:9 a=CjuIK1q_8ugA:10 Date: Mon, 10 Aug 2020 10:11:50 -0700 (PDT) From: Zwane Mwaikambo To: tcamuso@redhat.com cc: Linux Kernel , dri-devel@lists.freedesktop.org, dkwon@redhat.com Subject: Re: [PATCH] drm: assure aux_dev is nonzero before using it Message-ID: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-CMAE-Envelope: MS4wfLXLrG61H3IewWgL14PAlsxl0Y3rkOFoECheosPcZUUND7JWnN8rPKnbtQKPrkOXCu1aPejTgwQ+X7R90J+w6fD9IdyUBsRp14+2pRNZx/kNWYggJTdX 0xLa2pgKJOC23iLr8VbAmtdlcXp7oCl9+cr4ZWuCC5EQUMDbBt8V0rmF1448y9Q6MKlDSh7QNFCoPzAZAgrUHqhl+APfxkN1I6+iktMRThGoW689FGKKUnsC hvLSjM46j66W8Oh7ifli8AEYTmDmtKv58sakJbGgDH3mCHUKafvaPsOcpDWN9xrS Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Folks, I know this thread eventually dropped off due to not identifying the underlying issue. It's still occuring on 5.8 and in my case it happened because the udev device nodes for the DP aux devices were not cleaned up whereas the kernel had no association with them. I can reproduce the bug just by creating a device node for a non-existent minor device and calling open(). To me it still makes sense to just check aux_dev because the chardev has no way to check before calling. (gdb) list *drm_dp_aux_dev_get_by_minor+0x29 0x17b39 is in drm_dp_aux_dev_get_by_minor (drivers/gpu/drm/drm_dp_aux_dev.c:65). 60 static struct drm_dp_aux_dev *drm_dp_aux_dev_get_by_minor(unsigned index) 61 { 62 struct drm_dp_aux_dev *aux_dev = NULL; 63 64 mutex_lock(&aux_idr_mutex); 65 aux_dev = idr_find(&aux_idr, index); 66 if (!kref_get_unless_zero(&aux_dev->refcount)) 67 aux_dev = NULL; 68 mutex_unlock(&aux_idr_mutex); 69 (gdb) p/x &((struct drm_dp_aux_dev *)(0x0))->refcount $8 = 0x18 static int auxdev_open(struct inode *inode, struct file *file) { unsigned int minor = iminor(inode); struct drm_dp_aux_dev *aux_dev; aux_dev = drm_dp_aux_dev_get_by_minor(minor); if (!aux_dev) return -ENODEV; file->private_data = aux_dev; return 0; }