[PATCH 0/3] drm/meson: fix use-after-free driver unload issues

Adrián Larumbe adrian.larumbe at collabora.com
Mon Sep 19 01:09:37 UTC 2022


This patch series tries to fix some use-after-free bugs I've observed with
the help of KASAN in Amlogic's KMS DRM driver.

The first patch in the series reorders the driver deinitialisation sequence
so that devres won't deallocate things that are still expected to be around
by a later call to drm_dev_put.

The second patch adds a missing call to component_master_del inside a new
driver's remove callback.

The third patch makes sure some drm bridges added during driver
initialisation are removed at module unload time, to make sure the global
bridge list doesn't keep nodes to freed memory.

All three patches have been tested on an Odroid N2+ plus SBC.

Adrián Larumbe (3):
  drm/meson: reorder driver deinit sequence to fix use-after-free bug
  drm/meson: explicitly remove aggregate driver at module unload time
  drm/meson: remove drm bridges at aggregate driver unbind time

 drivers/gpu/drm/meson/meson_drv.c          | 14 +++++++++++++-
 drivers/gpu/drm/meson/meson_drv.h          |  7 +++++++
 drivers/gpu/drm/meson/meson_encoder_cvbs.c |  7 +++++++
 drivers/gpu/drm/meson/meson_encoder_cvbs.h |  1 +
 drivers/gpu/drm/meson/meson_encoder_hdmi.c |  7 +++++++
 drivers/gpu/drm/meson/meson_encoder_hdmi.h |  1 +
 drivers/gpu/drm/meson/meson_venc.h         | 15 +++++++++++++++
 7 files changed, 51 insertions(+), 1 deletion(-)

-- 
2.37.0


