On 08.01.2019 11:23, Russell King - ARM Linux wrote: > On Tue, Jan 08, 2019 at 10:22:06AM +0100, Andrzej Hajda wrote: >> What part of drm core disallows it? As I remember discussions about >> drm_bridge design there were voices that they should be >> hot(un)pluggable, and they are IMO, of course if they are not active. > Even if they are not active, once the DRM master device has used > of_drm_find_bridge(), it has a reference on struct drm_bridge. > Normally, that is allocated using something like devm_kzalloc() > in the bridge drivers probe function. > > When the bridge driver is unbound, that memory will be freed, but > there is no notification to the DRM master that this structure is > no longer valid (unless you have something implemented in exynos > between the exynos core and the bridge driver(s) that specifically > deals with that.) Note that there is nothing in drm_bridge_remove() > that does anything beyond removing the bridge from the global list > of bridges. > > Any further accesses by the DRM master to that struct drm_bridge > will be a use-after-free of that memory. > This is fortunate case of mipi-dsi bus, where master is notified upon child removal (mipi_dsi_host_ops::detach), so it can perform proper cleanup. Regards Andrzej _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
