[PATCH] fbdev: wait for references go away
Bartlomiej Zolnierkiewicz
b.zolnierkie at samsung.com
Mon Jan 20 17:51:17 UTC 2020
Hi,
On 1/20/20 11:00 AM, Gerd Hoffmann wrote:
> Problem: do_unregister_framebuffer() might return before the device is
> fully cleaned up, due to userspace having a file handle for /dev/fb0
do_unregister_framebuffer() doesn't guarantee that fb_info is freed after
function's return (it only drops the kernel reference on fb_info).
> open. Which can result in drm driver not being able to grab resources
> (and fail initialization) because the firmware framebuffer still holds
> them. Reportedly plymouth can trigger this.
Could you please describe issue some more?
I guess that a problem is happening during DRM driver load while fbdev
driver is loaded? I assume do_unregister_framebuffer() is called inside
do_remove_conflicting_framebuffers()?
At first glance it seems to be an user-space issue as it should not be
holding references on /dev/fb0 while DRM driver is being loaded.
> Fix this by trying to wait until all references are gone. Don't wait
> forever though given that userspace might keep the file handle open.
Where does the 1s maximum delay come from?
Best regards,
--
Bartlomiej Zolnierkiewicz
Samsung R&D Institute Poland
Samsung Electronics
> Reported-by: Marek Marczykowski-Górecki <marmarek at invisiblethingslab.com>
> Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
> ---
> drivers/video/fbdev/core/fbmem.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
> index d04554959ea7..2ea8ac05b065 100644
> --- a/drivers/video/fbdev/core/fbmem.c
> +++ b/drivers/video/fbdev/core/fbmem.c
> @@ -35,6 +35,7 @@
> #include <linux/fbcon.h>
> #include <linux/mem_encrypt.h>
> #include <linux/pci.h>
> +#include <linux/delay.h>
>
> #include <asm/fb.h>
>
> @@ -1707,6 +1708,8 @@ static void unlink_framebuffer(struct fb_info *fb_info)
>
> static void do_unregister_framebuffer(struct fb_info *fb_info)
> {
> + int limit = 100;
> +
> unlink_framebuffer(fb_info);
> if (fb_info->pixmap.addr &&
> (fb_info->pixmap.flags & FB_PIXMAP_DEFAULT))
> @@ -1726,6 +1729,10 @@ static void do_unregister_framebuffer(struct fb_info *fb_info)
> fbcon_fb_unregistered(fb_info);
> console_unlock();
>
> + /* try wait until all references are gone */
> + while (atomic_read(&fb_info->count) > 1 && --limit > 0)
> + msleep(10);
> +
> /* this may free fb info */
> put_fb_info(fb_info);
> }
More information about the dri-devel
mailing list