subject:"\[PATCH 01\/12\] drm\/client\: Fully protect modes\[\] with dev\->mode

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

2024-04-05 Thread Ville Syrjälä

On Fri, Apr 05, 2024 at 11:39:33PM +0300, Dmitry Baryshkov wrote:
> On Fri, 5 Apr 2024 at 22:17, Ville Syrjälä
>  wrote:
> >
> > On Fri, Apr 05, 2024 at 06:24:01AM +0300, Dmitry Baryshkov wrote:
> > > On Thu, Apr 04, 2024 at 11:33:25PM +0300, Ville Syrjala wrote:
> > > > From: Ville Syrjälä 
> > > >
> > > > The modes[] array contains pointers to modes on the connectors'
> > > > mode lists, which are protected by dev->mode_config.mutex.
> > > > Thus we need to extend modes[] the same protection or by the
> > > > time we use it the elements may already be pointing to
> > > > freed/reused memory.
> > > >
> > > > Cc: sta...@vger.kernel.org
> > > > Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583
> > > > Signed-off-by: Ville Syrjälä 
> > >
> > > Reviewed-by: Dmitry Baryshkov 
> > >
> > > I tried looking for the proper Fixes tag, but it looks like it might be
> > > something like 386516744ba4 ("drm/fb: fix fbdev object model + cleanup 
> > > properly.")
> >
> > The history is rather messy. I think it was originally completely
> > lockless and broken, and got fixed piecemeal later in these:
> > commit 7394371d8569 ("drm: Take lock around probes for 
> > drm_fb_helper_hotplug_event")
> > commit 966a6a13c666 ("drm: Hold mode_config.lock to prevent hotplug whilst 
> > setting up crtcs")
> >
> > commit e13a05831050 ("drm/fb-helper: Stop using mode_config.mutex for 
> > internals")
> > looks to me like where the race might have been re-introduced.
> > But didn't do a thorough analysis so not 100% sure. It's all
> > rather ancient history by now so a Fixes tag doesn't seem all
> > that useful anyway.
> 
> Well, you have added stable to cc list, so you expect to have this
> patch backported. Then it should either have a kernel version as a
> 'starting' point or a Fixes tag to assist the sable team.

It'll get backported just fine without either.

-- 
Ville Syrjälä
Intel

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

2024-04-05 Thread Dmitry Baryshkov

On Fri, 5 Apr 2024 at 22:17, Ville Syrjälä
 wrote:
>
> On Fri, Apr 05, 2024 at 06:24:01AM +0300, Dmitry Baryshkov wrote:
> > On Thu, Apr 04, 2024 at 11:33:25PM +0300, Ville Syrjala wrote:
> > > From: Ville Syrjälä 
> > >
> > > The modes[] array contains pointers to modes on the connectors'
> > > mode lists, which are protected by dev->mode_config.mutex.
> > > Thus we need to extend modes[] the same protection or by the
> > > time we use it the elements may already be pointing to
> > > freed/reused memory.
> > >
> > > Cc: sta...@vger.kernel.org
> > > Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583
> > > Signed-off-by: Ville Syrjälä 
> >
> > Reviewed-by: Dmitry Baryshkov 
> >
> > I tried looking for the proper Fixes tag, but it looks like it might be
> > something like 386516744ba4 ("drm/fb: fix fbdev object model + cleanup 
> > properly.")
>
> The history is rather messy. I think it was originally completely
> lockless and broken, and got fixed piecemeal later in these:
> commit 7394371d8569 ("drm: Take lock around probes for 
> drm_fb_helper_hotplug_event")
> commit 966a6a13c666 ("drm: Hold mode_config.lock to prevent hotplug whilst 
> setting up crtcs")
>
> commit e13a05831050 ("drm/fb-helper: Stop using mode_config.mutex for 
> internals")
> looks to me like where the race might have been re-introduced.
> But didn't do a thorough analysis so not 100% sure. It's all
> rather ancient history by now so a Fixes tag doesn't seem all
> that useful anyway.

Well, you have added stable to cc list, so you expect to have this
patch backported. Then it should either have a kernel version as a
'starting' point or a Fixes tag to assist the sable team.



-- 
With best wishes
Dmitry

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

2024-04-05 Thread Ville Syrjälä

On Fri, Apr 05, 2024 at 06:24:01AM +0300, Dmitry Baryshkov wrote:
> On Thu, Apr 04, 2024 at 11:33:25PM +0300, Ville Syrjala wrote:
> > From: Ville Syrjälä 
> > 
> > The modes[] array contains pointers to modes on the connectors'
> > mode lists, which are protected by dev->mode_config.mutex.
> > Thus we need to extend modes[] the same protection or by the
> > time we use it the elements may already be pointing to
> > freed/reused memory.
> > 
> > Cc: sta...@vger.kernel.org
> > Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583
> > Signed-off-by: Ville Syrjälä 
> 
> Reviewed-by: Dmitry Baryshkov 
> 
> I tried looking for the proper Fixes tag, but it looks like it might be
> something like 386516744ba4 ("drm/fb: fix fbdev object model + cleanup 
> properly.")

The history is rather messy. I think it was originally completely
lockless and broken, and got fixed piecemeal later in these:
commit 7394371d8569 ("drm: Take lock around probes for 
drm_fb_helper_hotplug_event")
commit 966a6a13c666 ("drm: Hold mode_config.lock to prevent hotplug whilst 
setting up crtcs")

commit e13a05831050 ("drm/fb-helper: Stop using mode_config.mutex for 
internals")
looks to me like where the race might have been re-introduced.
But didn't do a thorough analysis so not 100% sure. It's all
rather ancient history by now so a Fixes tag doesn't seem all
that useful anyway.

-- 
Ville Syrjälä
Intel

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

2024-04-04 Thread Dmitry Baryshkov

On Thu, Apr 04, 2024 at 11:33:25PM +0300, Ville Syrjala wrote:
> From: Ville Syrjälä 
> 
> The modes[] array contains pointers to modes on the connectors'
> mode lists, which are protected by dev->mode_config.mutex.
> Thus we need to extend modes[] the same protection or by the
> time we use it the elements may already be pointing to
> freed/reused memory.
> 
> Cc: sta...@vger.kernel.org
> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583
> Signed-off-by: Ville Syrjälä 

Reviewed-by: Dmitry Baryshkov 

I tried looking for the proper Fixes tag, but it looks like it might be
something like 386516744ba4 ("drm/fb: fix fbdev object model + cleanup 
properly.")


> ---
>  drivers/gpu/drm/drm_client_modeset.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_client_modeset.c 
> b/drivers/gpu/drm/drm_client_modeset.c
> index 871e4e2129d6..0683a129b362 100644
> --- a/drivers/gpu/drm/drm_client_modeset.c
> +++ b/drivers/gpu/drm/drm_client_modeset.c
> @@ -777,6 +777,7 @@ int drm_client_modeset_probe(struct drm_client_dev 
> *client, unsigned int width,
>   unsigned int total_modes_count = 0;
>   struct drm_client_offset *offsets;
>   unsigned int connector_count = 0;
> + /* points to modes protected by mode_config.mutex */
>   struct drm_display_mode **modes;
>   struct drm_crtc **crtcs;
>   int i, ret = 0;
> @@ -845,7 +846,6 @@ int drm_client_modeset_probe(struct drm_client_dev 
> *client, unsigned int width,
>   drm_client_pick_crtcs(client, connectors, connector_count,
> crtcs, modes, 0, width, height);
>   }
> - mutex_unlock(>mode_config.mutex);
>  
>   drm_client_modeset_release(client);
>  
> @@ -875,6 +875,7 @@ int drm_client_modeset_probe(struct drm_client_dev 
> *client, unsigned int width,
>   modeset->y = offset->y;
>   }
>   }
> + mutex_unlock(>mode_config.mutex);
>  
>   mutex_unlock(>modeset_mutex);
>  out:
> -- 
> 2.43.2
> 

-- 
With best wishes
Dmitry

[PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

2024-04-04 Thread Ville Syrjala

From: Ville Syrjälä 

The modes[] array contains pointers to modes on the connectors'
mode lists, which are protected by dev->mode_config.mutex.
Thus we need to extend modes[] the same protection or by the
time we use it the elements may already be pointing to
freed/reused memory.

Cc: sta...@vger.kernel.org
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583
Signed-off-by: Ville Syrjälä 
---
 drivers/gpu/drm/drm_client_modeset.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_client_modeset.c 
b/drivers/gpu/drm/drm_client_modeset.c
index 871e4e2129d6..0683a129b362 100644
--- a/drivers/gpu/drm/drm_client_modeset.c
+++ b/drivers/gpu/drm/drm_client_modeset.c
@@ -777,6 +777,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, 
unsigned int width,
unsigned int total_modes_count = 0;
struct drm_client_offset *offsets;
unsigned int connector_count = 0;
+   /* points to modes protected by mode_config.mutex */
struct drm_display_mode **modes;
struct drm_crtc **crtcs;
int i, ret = 0;
@@ -845,7 +846,6 @@ int drm_client_modeset_probe(struct drm_client_dev *client, 
unsigned int width,
drm_client_pick_crtcs(client, connectors, connector_count,
  crtcs, modes, 0, width, height);
}
-   mutex_unlock(>mode_config.mutex);
 
drm_client_modeset_release(client);
 
@@ -875,6 +875,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, 
unsigned int width,
modeset->y = offset->y;
}
}
+   mutex_unlock(>mode_config.mutex);
 
mutex_unlock(>modeset_mutex);
 out:
-- 
2.43.2

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

Re: [PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

[PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

5 matches

Site Navigation

Mail list logo

Footer information