On Tue, Sep 05, 2023 at 02:43:00PM +0200, Thomas Hellström wrote: > Hi maxime, > > On 9/5/23 14:06, Maxime Ripard wrote: > > On Tue, Sep 05, 2023 at 10:58:30AM +0200, Thomas Hellström wrote: > > > when using __drm_kunit_helper_alloc_drm_device() the driver may be > > > dereferenced by device-managed resources up until the device is > > > freed, which is typically later than the kunit-managed resource code > > > frees it. > > I'd like to have a bit more context on how a driver can end up in that > > situation? > > I interpret the attached traces as follows. > > INIT: > > Code allocates a struct device as a kunit-managed resource. > Code allocates a drm driver as a kunit-managed resource. > Code allocates a drm device as a device-managed resource. > > EXIT: > > Kunit resource cleanup frees the drm driver > Kunit resource cleanup frees the struct device, which starts a > device-managed resource cleanup > device-managed cleanup calls drm_dev_put() > drm_dev_put() dereferences the (now freed) drm driver -> Boom. > > It should be sufficient to enable KASAN and run the drm_exec_test kunit test > to trigger this. Ack. Can you put this into your commit log? Thanks! Maxime
Attachment:
signature.asc
Description: PGP signature
