Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7125709rwb; Wed, 23 Nov 2022 02:30:09 -0800 (PST) X-Google-Smtp-Source: AA0mqf7dchlyBkAlJIncXU1zLKe8rPlQLNwmLvjDfHsdw3qttan+ReJpnhwZuEn5tSgyyrI3YHLd X-Received: by 2002:a17:906:2e86:b0:7a5:f8a5:6f86 with SMTP id o6-20020a1709062e8600b007a5f8a56f86mr22416003eji.610.1669199409667; Wed, 23 Nov 2022 02:30:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669199409; cv=none; d=google.com; s=arc-20160816; b=u2uhKIo0lS49R+C8hWDmm43CU/vMaJhdw08+QfbBTcHiLGGKLAxl6PkkTbkuiMO6ot Nan5c2Uvq7QO6l/reSbzMt+dDAagbpl9tI+j8tzBde8Jfk5oxKjTJCULOBifA6dQyYQV 9IuuXbJiFxOyMcac/cOPqH4ygDOLegXS6cCgDP5DYwVUrlJESwm0fFvQicxO8kbtnS4U DZAWPRLVHMO+as3Ssl346j8lfynbawIoI0ajBPQnA1+gTwobJ4JLHnQyr8l5MR7ddCFU TjPDPkZV6lbYyYA/WJ+sVbFBjtZAolSmJDKdEMhwo+jUQKNWmFUqh1AZhvKU4CCXEkon lY+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=+9vVpRoJ2yP2gAAOyuZpL8+MrKyMZP2wfmkwMOtepbc=; b=pu5/BMuijRa9JM3xffdT7xYwFVnawXp+FMdVPAMQe+Rk8AjCoGe+JktmN33M4rL9Ve 2w+vo7jdBwBpsIbBTni4BTn92mv7eBAKcdizhxiqUTUMs3n8D1zSpr7pWYlTjum+CMLA Ef5mkukrPgwYqbm3QqbNEo3lji+d3gIZkkYFpnKktAiC9NE9eM+n28l/hoeOxqwbSdtc mpqLep4Z6K2fxc5bZu/KTHFVbh1UmbhzpA4FIZiaY3Ls/yDPCW+qJ7Kdxec2baESoTnS +kCvuuY8I6n003pW0olAWqG5UB9rUGYhfrMNMpgaNm/mBoI68RIAZ48rtrxi9IcfN0Hi z/Tw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=Ow7d1owJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=collabora.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r15-20020aa7d14f000000b00462dee0d6bfsi7443337edo.556.2022.11.23.02.29.48; Wed, 23 Nov 2022 02:30:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b=Ow7d1owJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=collabora.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237298AbiKWJPi (ORCPT + 88 others); Wed, 23 Nov 2022 04:15:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57556 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237287AbiKWJPa (ORCPT ); Wed, 23 Nov 2022 04:15:30 -0500 Received: from madras.collabora.co.uk (madras.collabora.co.uk [IPv6:2a00:1098:0:82:1000:25:2eeb:e5ab]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E074E107E41 for ; Wed, 23 Nov 2022 01:15:29 -0800 (PST) Received: from [192.168.1.100] (2-237-20-237.ip236.fastwebnet.it [2.237.20.237]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: kholk11) by madras.collabora.co.uk (Postfix) with ESMTPSA id 834646602A65; Wed, 23 Nov 2022 09:15:27 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1669194928; bh=4dlMANCcWyhN3x6ntNDLGRNwp8BpM4nQM3TDNFtBdfw=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=Ow7d1owJRJkE2pacH5cEMLBc2rKlw90cJG1YccvOwGKSzLKNdADVUkel2QGmQuHXF 027zKZa25m5a1qRMqzO/Dz6mJs/9YnLmmf1VybqGG1lYAi/tcJs4TcCt2qnsXV1u8q 3jIQIepgAZfGinKWunqb3ilM2I76ujcJhhglMLTsmOirEm7HyCsrBb4F9nIKDxeN6+ i+f86bICPbPXJ8TO4w8ZAlsJVmHg9ChT4KOTqkOdIx5NpwCejhFyVigDc3wwADVioU WeRvvWNhEDJV1S2rSxiOT7bVLJRz/BQCQRWlK9fAnjbtERqjzR0bEf32H2enEgLM7S H1cEfIRp9L7gQ== Message-ID: Date: Wed, 23 Nov 2022 10:15:25 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 Subject: Re: [PATCH v2] drm/mediatek: Clean dangling pointer on bind error path Content-Language: en-US To: =?UTF-8?B?TsOtY29sYXMgRi4gUi4gQS4gUHJhZG8=?= , Chun-Kuang Hu Cc: kernel@collabora.com, "Nancy . Lin" , CK Hu , Daniel Kurtz , Daniel Vetter , David Airlie , Mao Huang , Matthias Brugger , Philipp Zabel , YT Shen , dri-devel@lists.freedesktop.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org References: <20221122143949.3493104-1-nfraprado@collabora.com> From: AngeloGioacchino Del Regno In-Reply-To: <20221122143949.3493104-1-nfraprado@collabora.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Il 22/11/22 15:39, NĂ­colas F. R. A. Prado ha scritto: > mtk_drm_bind() can fail, in which case drm_dev_put() is called, > destroying the drm_device object. However a pointer to it was still > being held in the private object, and that pointer would be passed along > to DRM in mtk_drm_sys_prepare() if a suspend were triggered at that > point, resulting in a panic. Clean the pointer when destroying the > object in the error path to prevent this from happening. > > Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") > Signed-off-by: NĂ­colas F. R. A. Prado > > --- > > Changes in v2: > - Added Fixes tag > > drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c > index 39a42dc8fb85..a21ff1b3258c 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c > @@ -514,6 +514,7 @@ static int mtk_drm_bind(struct device *dev) > err_deinit: > mtk_drm_kms_deinit(drm); > err_free: > + private->drm = NULL; Sorry for not noticing that in v1, but I've rechecked this function and, while this commit does indeed actually solve the described issue, I think it's incomplete. A few lines before, we have a loop that sets private->all_drm_private[i]->drm = drm; ...so here you should do... private->drm = NULL; while (i--) /* a for loop will also do, your choice */ private->all_drm_private[i]->drm = NULL; That makes sure that you cleanup *everything* :-) Cheers, Angelo