Re: [PATCH v3 3/4] drm/bridge: Add devm_drm_bridge_add()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 03, 2022 at 07:56:16AM -0700, Doug Anderson wrote:
> Hi,
> 
> On Fri, Jun 3, 2022 at 7:14 AM Maxime Ripard <maxime@xxxxxxxxxx> wrote:
> >
> > On Fri, Jun 03, 2022 at 01:19:16PM +0300, Dmitry Baryshkov wrote:
> > > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@xxxxxxxxxx> wrote:
> > > >
> > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote:
> > > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@xxxxxxxxxxxx> wrote:
> > > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@xxxxxxxxxx> wrote:
> > > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote:
> > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other
> > > > > > > > "devm" function listed in drm_bridge.h, this function takes an
> > > > > > > > explicit "dev" to use for the lifetime management. A few notes:
> > > > > > > > * In general we have a "struct device" for bridges that makes a good
> > > > > > > >   candidate for where the lifetime matches exactly what we want.
> > > > > > > > * The "bridge->dev->dev" device appears to be the encoder
> > > > > > > >   device. That's not the right device to use for lifetime management.
> > > > > > > >
> > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
> > > > > > > > Signed-off-by: Douglas Anderson <dianders@xxxxxxxxxxxx>
> > > > > > >
> > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to
> > > > > > > introduce them as DRM-managed, and not device managed.
> > > > > > >
> > > > > > > Otherwise, you'll end up in a weird state when a device has been removed
> > > > > > > but the DRM device is still around.
> > > > > >
> > > > > > I'm kinda confused. In this case there is no DRM device for the bridge
> > > > > > and, as per my CL description, "bridge-dev->dev" appears to be the
> > > > > > encoder device. I wasn't personally involved in discussions about it,
> > > > > > but I was under the impression that this was expected / normal. Thus
> > > > > > we can't make this DRM-managed.
> > > > >
> > > > > Since I didn't hear a reply,
> > > >
> > > > Gah, I replied but it looks like somehow it never reached the ML...
> > > >
> > > > Here was my original reply:
> > > >
> > > > > > > This adds a devm managed version of drm_bridge_add(). Like other
> > > > > > > "devm" function listed in drm_bridge.h, this function takes an
> > > > > > > explicit "dev" to use for the lifetime management. A few notes:
> > > > > > > * In general we have a "struct device" for bridges that makes a good
> > > > > > >   candidate for where the lifetime matches exactly what we want.
> > > > > > > * The "bridge->dev->dev" device appears to be the encoder
> > > > > > >   device. That's not the right device to use for lifetime management.
> > > > > > >
> > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
> > > > > > > Signed-off-by: Douglas Anderson <dianders@xxxxxxxxxxxx>
> > > > > >
> > > > > > If we are to introduce more managed helpers, I think it'd be wiser to
> > > > > > introduce them as DRM-managed, and not device managed.
> > > > > >
> > > > > > Otherwise, you'll end up in a weird state when a device has been removed
> > > > > > but the DRM device is still around.
> > > > >=20
> > > > > I'm kinda confused. In this case there is no DRM device for the bridge
> > > > > and, as per my CL description, "bridge-dev->dev" appears to be the
> > > > > encoder device.
> > > >
> > > > bridge->dev seems right though?
> > > >
> > > > > I wasn't personally involved in discussions about it, but I was under
> > > > > the impression that this was expected / normal. Thus we can't make
> > > > > this DRM-managed.
> > > >
> > > > Still, I don't think devm is the right solution to this either.
> > > >
> > > > The underlying issue is two-fold:
> > > >
> > > >   - Encoders can have a pointer to a bridge through of_drm_find_bridge
> > > >     or similar. However, bridges are traditionally tied to their device
> > > >     lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove
> > > >     in remove). Encoders will typically be tied to the DRM device
> > > >     however, and that one sticks around until the last application
> > > >     closes it. We can thus very easily end up with a dangling pointer,
> > > >     and a use-after-free.
> > > >
> > > >   - It's not the case yet, but it doesn't seem far fetch to expose
> > > >     properties of bridges to the userspace. In that case, the userspace
> > > >     would be likely to still hold references to objects that aren't
> > > >     there anymore when the bridge is gone.
> > > >
> > > > The first is obviously a larger concern, but if we can find a solution
> > > > that would accomodate the second it would be great.
> > > >
> > > > As far as I can see, we should fix in two steps:
> > > >
> > > >   - in drm_bridge_attach, we should add a device-managed call that will
> > > >     unregister the main DRM device. We don't allow to probe the main DRM
> > > >     device when the bridge isn't there yet in most case, so it makes
> > > >     sense to remove it once the bridge is no longer there as well.
> > >
> > > The problem is that I do not see a good way to unregister the main DRM
> > > device outside of it's driver code.
> >
> > That's what drmm helpers are doing though: they'll defer the cleanup
> > until the last user has closed its fd.
> 
> I'm a bit confused here. I'll take the concrete example of ps8640
> since that's what I was working on here.
> 
> ...right now the fact that we're using devm means that
> drm_bridge_remove() will get called when a ps8640 device is unbound,
> right?

Yes

> I guess you're saying that the "drm_bridge" memory needs to
> outlast this, right?

Since drm_bridge isn't exposing anything to userspace, it would mostly
be its connector. But they are usually allocated in the same structure,
so it's pretty much equivalent here.

> That being said, even if the actual memory for drm_bridge outlasts the
> ps8640 driver lifetime, much of the data would need to be marked
> invalid I think.

All the device resources, yes. So things like IO mappings, clocks, reset
lines, regulators, etc.

> If nothing else all function pointers that point into the driver would
> have to be made NULL, right? Once the device has been unbound it's
> possible that the underlying module might be removed. I suspect that
> we'd need to do more than just bogus-up the function pointers, though.

I ... didn't think of the module memory being freed. I don't know the
module handling code, but if it's an option we could get a reference to
the module memory to make sure the memory stays around until everything
has been freed.

If we can't, then we could relocate all the functions inside the kernel
for the teardown, but I'm sure it's going to be a mess.

> ...so it feels like any solution here needs to take into account
> _both_ the lifetime of the "struct device" and the "struct
> drm_device". If the "struct device" goes away but the "struct
> drm_device" is still around then we need to essentially transition the
> "struct drm_device" over to a dummy, right?

So we want to make sure we won't access the device resources if they
aren't there anymore, during the timeframe between the device being
unbound and the DRM device being unregistered (which can be arbitrarily
long). Fortunately, drm_device->registered is being toggled as soon as
we start the unbinding process, and drm_dev_enter()/drm_dev_exit() is
there to make sure the device is registered.

So we would need to make sure that all device resource access is
protected by a call to those functions. It's tedious, but it works
today.

It's a bit more complicated in the case of bridges (as opposed to any
other entity) because you don't have access to the DRM device when you
probe, only when you are attached. So you also need to make sure the
private structure you allocated in probe (using devm_) is properly
converted to be DRM-managed and freed later on.

Maxime

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux