[PATCH 0/5] drm/rockchip: Fix unbind/bind
Ezequiel Garcia
ezequiel at collabora.com
Mon Jan 20 17:05:57 UTC 2020
This series is an attempt to fix the unbind/bind crash
(due to an use-after-free bug) found on rockchip-drm driver.
The problem lies in the way the driver uses the component API.
Currently, rockchip_drm_unbind calls component_unbind_all before
drm_mode_config_cleanup, the former releasing the memory
where the DRM objects are embedded.
The series goal is basically to fix all the components,
making proper use of the respective .destroy hooks,
making sure there are no use-after-free or double-free issues.
The first patch is likely the most controversial, which is required
because component_bind_all will call component_unbind without
calling drm_mode_config_cleanup, if any component fails to bind.
As mentioned above, this is problematic in the DRM framework.
Thanks!
Ezequiel
Ezequiel Garcia (5):
component: Add an API to cleanup before unbind
drm/rockchip: Fix the device unbind order
drm/rockchip: vop: Fix CRTC unbind
drm/rockchip: lvds: Fix component unbind
drm/rockchip: rk3066_hdmi: Cleanup component unbind
drivers/base/component.c | 9 +++-
drivers/gpu/drm/rockchip/rk3066_hdmi.c | 8 +--
drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 20 +++++---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 56 ++++++++-------------
drivers/gpu/drm/rockchip/rockchip_lvds.c | 20 ++++----
include/linux/component.h | 10 +++-
6 files changed, 60 insertions(+), 63 deletions(-)
--
2.25.0
More information about the dri-devel
mailing list