Am Freitag, 1. Mai 2026, 00:20:29 Mitteleuropäische Sommerzeit schrieb Sebastian Reichel: > From: Cristian Ciocaltea <[email protected]> > > Core resources such as the DisplayPort AUX channel get initialized and > registered during dw_dp_bind(), but are never unregistered, which may > lead to memory leaks and/or use-after-free: > > [ 224.661371] BUG: KASAN: slab-use-after-free in > device_is_dependent+0xe0/0x2b0 > [ 224.662015] Read of size 8 at addr ffff00011aee8550 by task modprobe/658 > [ 224.662612] > [ 224.662752] CPU: 7 UID: 0 PID: 658 Comm: modprobe Not tainted > 7.0.0-rc2-next-20260305 #14 PREEMPT > [ 224.662759] Hardware name: Radxa ROCK 5B (DT) > [ 224.662762] Call trace: > [ 224.662764] show_stack+0x20/0x38 (C) > [ 224.662772] dump_stack_lvl+0x6c/0x98 > [ 224.662777] print_report+0x160/0x4b8 > [ 224.662783] kasan_report+0xb4/0xe0 > [ 224.662790] __asan_report_load8_noabort+0x20/0x30 > [ 224.662796] device_is_dependent+0xe0/0x2b0 > [ 224.662802] device_is_dependent+0x108/0x2b0 > [ 224.662808] device_link_add+0x1f8/0x10b0 > [ 224.662813] devm_of_phy_get_by_index+0x120/0x200 > [ 224.662819] dw_dp_bind+0x34c/0xb10 [dw_dp] > [ 224.662830] dw_dp_rockchip_bind+0x194/0x250 [rockchipdrm] > [ 224.662864] component_bind_all+0x3a8/0x720 > [ 224.662869] rockchip_drm_bind+0x120/0x390 [rockchipdrm] > [ 224.662899] try_to_bring_up_aggregate_device+0x76c/0x838 > [ 224.662904] component_master_add_with_match+0x1f4/0x230 > [ 224.662909] rockchip_drm_platform_probe+0x420/0x538 [rockchipdrm] > [ 224.662939] platform_probe+0xe8/0x168 > [ 224.662945] really_probe+0x340/0x828 > [ 224.662950] __driver_probe_device+0x2e0/0x350 > [ 224.662954] driver_probe_device+0x80/0x140 > [ 224.662959] __driver_attach+0x398/0x460 > [ 224.662964] bus_for_each_dev+0xe0/0x198 > [ 224.662968] driver_attach+0x50/0x68 > [ 224.662972] bus_add_driver+0x2a0/0x4c0 > [ 224.662977] driver_register+0x294/0x360 > [ 224.662982] __platform_driver_register+0x7c/0x98 > [ 224.662987] rockchip_drm_init+0xc4/0xff8 [rockchipdrm] > > Since a previous commit exported dw_dp_unbind() function in DW DP core > library to take care of the necessary cleanup, use this in the > component's unbind() callback, as well as in its bind() error path. > > Fixes: d68ba7bac955 ("drm/rockchip: Add RK3588 DPTX output support") > Signed-off-by: Cristian Ciocaltea <[email protected]> > Signed-off-by: Sebastian Reichel <[email protected]>
picked the same one from Cristian's series
