Hi, Maxime,
On 9/6/23 12:08, Maxime Ripard wrote:
On Tue, Sep 05, 2023 at 02:43:00PM +0200, Thomas Hellström wrote:
Hi maxime,
On 9/5/23 14:06, Maxime Ripard wrote:
On Tue, Sep 05, 2023 at 10:58:30AM +0200, Thomas Hellström wrote:
when using __drm_kunit_helper_alloc_drm_device() the driver may be
dereferenced by device-managed resources up until the device is
freed, which is typically later than the kunit-managed resource code
frees it.
I'd like to have a bit more context on how a driver can end up in that
situation?
I interpret the attached traces as follows.
INIT:
Code allocates a struct device as a kunit-managed resource.
Code allocates a drm driver as a kunit-managed resource.
Code allocates a drm device as a device-managed resource.
EXIT:
Kunit resource cleanup frees the drm driver
Kunit resource cleanup frees the struct device, which starts a
device-managed resource cleanup
device-managed cleanup calls drm_dev_put()
drm_dev_put() dereferences the (now freed) drm driver -> Boom.
It should be sufficient to enable KASAN and run the drm_exec_test kunit test
to trigger this.
Ack. Can you put this into your commit log?
Thanks!
Maxime
Thanks for reviewing. I'll update this and the other patch with your
comments.
Thanks,
Thomas
