[PATCH] drm/sysfs: Do not drop device reference twice

2013-10-30 Thread Thierry Reding 
On Wed, Oct 30, 2013 at 02:05:02PM -0200, Paulo Zanoni wrote:
> 2013/10/30 Thierry Reding :
> > device_unregister() already drops its reference to the struct device, so
> > explicitly calling put_device() before device_unregister() can cause the
> > device to have been freed before it can be unregistered.
> >
> > Signed-off-by: Thierry Reding 
> 
> I started investigating this problem yesterday and reached the same
> conclusion. The connector path can be easily reproduced on i915.ko:
> get a machine that has an eDP panel, physically disconnect the panel,
> boot the machine, "modprobe i915" and watch the segfault.
> 
> Reviewed-by: Paulo Zanoni 
> Tested-by: Paulo Zanoni 
> 
> I didn't really bisect, but I believe this is probably a regression
> from "drm/sysfs: sort out minor and connector device object
> lifetimes".

Yes, I think that's the one that broke it.

Thierry
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL:

[PATCH] drm/sysfs: Do not drop device reference twice

2013-10-30 Thread Paulo Zanoni 
2013/10/30 Thierry Reding :
> device_unregister() already drops its reference to the struct device, so
> explicitly calling put_device() before device_unregister() can cause the
> device to have been freed before it can be unregistered.
>
> Signed-off-by: Thierry Reding 

I started investigating this problem yesterday and reached the same
conclusion. The connector path can be easily reproduced on i915.ko:
get a machine that has an eDP panel, physically disconnect the panel,
boot the machine, "modprobe i915" and watch the segfault.

Reviewed-by: Paulo Zanoni 
Tested-by: Paulo Zanoni 

I didn't really bisect, but I believe this is probably a regression
from "drm/sysfs: sort out minor and connector device object
lifetimes".

And kudos to whoever invented CONFIG_DEBUG_KOBJECT :)

> ---
>  drivers/gpu/drm/drm_sysfs.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
> index dae42c7..db1c8f9 100644
> --- a/drivers/gpu/drm/drm_sysfs.c
> +++ b/drivers/gpu/drm/drm_sysfs.c
> @@ -439,7 +439,6 @@ err_out_files:
> device_remove_file(connector->kdev, _attrs_opt1[i]);
> for (i = 0; i < attr_cnt; i++)
> device_remove_file(connector->kdev, _attrs[i]);
> -   put_device(connector->kdev);
> device_unregister(connector->kdev);
>
>  out:
> @@ -472,7 +471,6 @@ void drm_sysfs_connector_remove(struct drm_connector 
> *connector)
> for (i = 0; i < ARRAY_SIZE(connector_attrs); i++)
> device_remove_file(connector->kdev, _attrs[i]);
> sysfs_remove_bin_file(>kdev->kobj, _attr);
> -   put_device(connector->kdev);
> device_unregister(connector->kdev);
> connector->kdev = NULL;
>  }
> --
> 1.8.4
>
> ___
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel



-- 
Paulo Zanoni

[PATCH] drm/sysfs: Do not drop device reference twice

2013-10-30 Thread Thierry Reding 
device_unregister() already drops its reference to the struct device, so
explicitly calling put_device() before device_unregister() can cause the
device to have been freed before it can be unregistered.

Signed-off-by: Thierry Reding 
---
 drivers/gpu/drm/drm_sysfs.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
index dae42c7..db1c8f9 100644
--- a/drivers/gpu/drm/drm_sysfs.c
+++ b/drivers/gpu/drm/drm_sysfs.c
@@ -439,7 +439,6 @@ err_out_files:
device_remove_file(connector->kdev, _attrs_opt1[i]);
for (i = 0; i < attr_cnt; i++)
device_remove_file(connector->kdev, _attrs[i]);
-   put_device(connector->kdev);
device_unregister(connector->kdev);

 out:
@@ -472,7 +471,6 @@ void drm_sysfs_connector_remove(struct drm_connector 
*connector)
for (i = 0; i < ARRAY_SIZE(connector_attrs); i++)
device_remove_file(connector->kdev, _attrs[i]);
sysfs_remove_bin_file(>kdev->kobj, _attr);
-   put_device(connector->kdev);
device_unregister(connector->kdev);
connector->kdev = NULL;
 }
-- 
1.8.4

[PATCH] drm/sysfs: Do not drop device reference twice

2013-10-30 Thread Ben Widawsky 
On Wed, Oct 30, 2013 at 11:59:05AM +0100, Thierry Reding wrote:
> device_unregister() already drops its reference to the struct device, so
> explicitly calling put_device() before device_unregister() can cause the
> device to have been freed before it can be unregistered.
> 
> Signed-off-by: Thierry Reding 

Thanks for fixing this. It was driving me nuts.
Tested-by: Ben Widawsky 

[snip]
-- 
Ben Widawsky, Intel Open Source Technology Center