[PATCH RESEND] drm: fix crash in drm_minor_alloc_release

[Ville Syrjälä]

On Mon, Nov 07, 2022 at 04:40:41PM +0100, Stanislaw Gruszka wrote:
> On Mon, Nov 07, 2022 at 05:10:48PM +0200, Ville Syrjälä wrote:
> > On Mon, Nov 07, 2022 at 03:45:00PM +0100, Stanislaw Gruszka wrote:
> > > index 8214a0b1ab7f..e3a1243dd2ae 100644
> > > --- a/drivers/gpu/drm/drm_drv.c
> > > +++ b/drivers/gpu/drm/drm_drv.c
> > > @@ -102,7 +102,8 @@ static void drm_minor_alloc_release(struct drm_device *dev, void *data)
> > >  
> > >  	WARN_ON(dev != minor->dev);
> > >  
> > > -	put_device(minor->kdev);
> > > +	if (!IS_ERR(minor->kdev))
> > > +		put_device(minor->kdev);
> > 
> > Assigning error pointers into things is a terrible idea.
> > IMO the correct fix would be to not return some
> > half-constructed garbage from drm_minor_alloc().
> > So basically should at least partically revert
> > commit f96306f9892b ("drm: manage drm_minor cleanup with drmm_")
> 
> I would prefer to not change any ordering or remove drmm_* stuff, since
> as pointed to above commit message, things are tricky there.

Looks to me that it's only tricky because of drmm. Without that it was
totally clear what was happening. I think if the managed stuff is making
stuff more tricky then it has failed its purpose.

> 
> I think assigning NULL to minor->kdev should be fine:
> 
> 	if (IS_ERR(minor->kdev)) {
> 		r = PTR_ERR(minor->kdev);
> 		minor->kdev = NULL;
> 		return r;
> 	}
> 
> put_device() in drm_minor_alloc_release() will cope nicely with it.
> 
> Regards
> Stanislaw

-- 
Ville Syrjälä
Intel