Re: [PATCH] drm: rcar-du: Fix leak of CMM platform device reference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Laurent,

I wonder if 'leaked' is correct in subject. It probably is,
un-balanced ref-counting will prevent the device from being released.
It should however happen only at system tear-down, doesn't it ?

On Wed, Dec 16, 2020 at 03:22:18AM +0200, Laurent Pinchart wrote:
> The device references acquired by of_find_device_by_node() are not
> released by the driver. Fix this by registering a cleanup action.
>
> Fixes: 8de707aeb452 ("drm: rcar-du: kms: Initialize CMM instances")
> Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@xxxxxxxxxxxxxxxx>
> ---
>  drivers/gpu/drm/rcar-du/rcar_du_kms.c | 20 ++++++++++++++++++--
>  1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/rcar-du/rcar_du_kms.c b/drivers/gpu/drm/rcar-du/rcar_du_kms.c
> index 92dfa3d4c011..7070f3c9b529 100644
> --- a/drivers/gpu/drm/rcar-du/rcar_du_kms.c
> +++ b/drivers/gpu/drm/rcar-du/rcar_du_kms.c
> @@ -14,6 +14,7 @@
>  #include <drm/drm_fb_cma_helper.h>
>  #include <drm/drm_gem_cma_helper.h>
>  #include <drm/drm_gem_framebuffer_helper.h>
> +#include <drm/drm_managed.h>
>  #include <drm/drm_probe_helper.h>
>  #include <drm/drm_vblank.h>
>
> @@ -721,6 +722,8 @@ static int rcar_du_cmm_init(struct rcar_du_device *rcdu)
>
>  		of_node_put(cmm);
>
> +		rcdu->cmms[i] = pdev;
> +

In the unfortunate event that the cmm intialization fails here below,
rcdu->cmms[i] will stay assigned, causing the rcar_du_crtc_create()
function which is called just after rcar_du_cmm_init() to access a
non-valid cmm instance.

I would either reset the rcdu->cmms[i] field to NULL in the below error
paths, or maintain the cmms[i] = pdev assignement at the end of the
function and put_device(pdev->dev) in the error paths.

Thanks
  j

>  		/*
>  		 * -ENODEV is used to report that the CMM config option is
>  		 * disabled: return 0 and let the DU continue probing.
> @@ -739,13 +742,22 @@ static int rcar_du_cmm_init(struct rcar_du_device *rcdu)
>  				"Failed to create device link to CMM%u\n", i);
>  			return -EINVAL;
>  		}
> -
> -		rcdu->cmms[i] = pdev;
>  	}
>
>  	return 0;
>  }
>
> +static void rcar_du_modeset_cleanup(struct drm_device *dev, void *res)
> +{
> +	struct rcar_du_device *rcdu = to_rcar_du_device(dev);
> +	unsigned int i;
> +
> +	for (i = 0; i < ARRAY_SIZE(rcdu->cmms); ++i) {
> +		if (rcdu->cmms[i])
> +			put_device(&rcdu->cmms[i]->dev);
> +	}
> +}
> +
>  int rcar_du_modeset_init(struct rcar_du_device *rcdu)
>  {
>  	static const unsigned int mmio_offsets[] = {
> @@ -766,6 +778,10 @@ int rcar_du_modeset_init(struct rcar_du_device *rcdu)
>  	if (ret)
>  		return ret;
>
> +	ret = drmm_add_action(&rcdu->ddev, rcar_du_modeset_cleanup, NULL);
> +	if (ret)
> +		return ret;
> +
>  	dev->mode_config.min_width = 0;
>  	dev->mode_config.min_height = 0;
>  	dev->mode_config.normalize_zpos = true;
> --
> Regards,
>
> Laurent Pinchart
>



[Index of Archives]     [Linux Samsung SOC]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux