RE: [PATCH 2/3] drm/exynos: Convert to drmm_mode_config_init() and drop manual cleanup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <hy_fifty.lee@samsung.com>
To: "'Inki Dae'" <daeinki@gmail.com>
Cc: "'Seung-Woo Kim'" <sw0312.kim@samsung.com>,
	"'Kyungmin Park'" <kyungmin.park@samsung.com>,
	"'David Airlie'" <airlied@gmail.com>,
	"'Simona Vetter'" <simona@ffwll.ch>,
	"'Krzysztof Kozlowski'" <krzk@kernel.org>,
	"'Alim	Akhtar'" <alim.akhtar@samsung.com>,
	<dri-devel@lists.freedesktop.org>,
	<linux-arm-kernel@lists.infradead.org>,
	<linux-samsung-soc@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>
Subject: RE: [PATCH 2/3] drm/exynos: Convert to drmm_mode_config_init() and drop manual cleanup
Date: Wed, 12 Nov 2025 12:03:14 +0900	[thread overview]
Message-ID: <000101dc5380$e33e1c10$a9ba5430$@samsung.com> (raw)
In-Reply-To: <CAAQKjZNCpK4rq6DFUtiQ2rxCeb_34Mp54quVto+9LRJMH3=ZhQ@mail.gmail.com>

> -----Original Message-----
> From: Inki Dae <daeinki@gmail.com>
> Sent: Monday, November 10, 2025 2:22 PM
> To: Hoyoung Lee <hy_fifty.lee@samsung.com>
> Cc: Seung-Woo Kim <sw0312.kim@samsung.com>; Kyungmin Park
> <kyungmin.park@samsung.com>; David Airlie <airlied@gmail.com>; Simona
> Vetter <simona@ffwll.ch>; Krzysztof Kozlowski <krzk@kernel.org>; Alim
> Akhtar <alim.akhtar@samsung.com>; dri-devel@lists.freedesktop.org; linux-
> arm-kernel@lists.infradead.org; linux-samsung-soc@vger.kernel.org; linux-
> kernel@vger.kernel.org
> Subject: Re: [PATCH 2/3] drm/exynos: Convert to drmm_mode_config_init()
> and drop manual cleanup
> 
> 2025년 9월 29일 (월) 오후 1:54, Hoyoung Lee <hy_fifty.lee@samsung.com>님이 작
> 성:
> >
> > Switch mode-config initialization to drmm_mode_config_init() so that
> > the lifetime is tied to drm_device. Remove explicit
> > drm_mode_config_cleanup() from error and unbind paths since cleanup is
> now managed by DRM.
> >
> > No functional change intended.
> >
> > Signed-off-by: Hoyoung Lee <hy_fifty.lee@samsung.com>
> > ---
> >  drivers/gpu/drm/exynos/exynos_drm_drv.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c
> > b/drivers/gpu/drm/exynos/exynos_drm_drv.c
> > index 6cc7bf77bcac..1aea71778ab1 100644
> > --- a/drivers/gpu/drm/exynos/exynos_drm_drv.c
> > +++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c
> > @@ -257,7 +257,7 @@ static int exynos_drm_bind(struct device *dev)
> >         dev_set_drvdata(dev, drm);
> >         drm->dev_private = (void *)private;
> >
> > -       drm_mode_config_init(drm);
> > +       drmm_mode_config_init(drm);
> >
> >         exynos_drm_mode_config_init(drm);
> >
> > @@ -297,7 +297,6 @@ static int exynos_drm_bind(struct device *dev)
> >  err_unbind_all:
> >         component_unbind_all(drm->dev, drm);
> >  err_mode_config_cleanup:
> > -       drm_mode_config_cleanup(drm);
> 
> In the current implementation, there is a potential dereference issue
> because the private object may be freed before to_dma_dev(dev) is called.
> When drmm_mode_config_init() is invoked, it registers
> drm_mode_config_cleanup() as a managed action. This means that the cleanup
> function will be automatically executed later when
> drm_dev_put() is called.
> 
> The problem arises when drm_dev_put() is called without explicitly
> invoking drm_mode_config_cleanup() first, as in the original code. In that
> case, the managed cleanup is performed later, which allows
> to_dma_dev(dev) to be called after the private object has already been
> released.
> 
> For reference, the following sequence may occur internally when
> drm_mode_config_cleanup() is executed:
> 1. drm_mode_config_cleanup() is called.
> 2. During the cleanup of FBs, planes, CRTCs, encoders, and connectors,
> framebuffers or GEM objects may be released.
> 3. At this point, Exynos-specific code could invoke to_dma_dev(dev).
> 
> Therefore, the private object must remain valid until
> drm_mode_config_cleanup() completes.
> It would be safer to adjust the code so that kfree(private) is performed
> after drm_dev_put(drm) to ensure the private data remains available during
> cleanup.
> 
> Thanks,
> Inki Dae
> 
> >         exynos_drm_cleanup_dma(drm);
> >         kfree(private);
> >         dev_set_drvdata(dev, NULL);
> > @@ -317,7 +316,6 @@ static void exynos_drm_unbind(struct device *dev)
> >         drm_atomic_helper_shutdown(drm);
> >
> >         component_unbind_all(drm->dev, drm);
> > -       drm_mode_config_cleanup(drm);
> 
> Ditto.
> 
> >         exynos_drm_cleanup_dma(drm);
> >
> >         kfree(drm->dev_private);
> > --
> > 2.34.1
> >
> >

Hi, Inki
Thanks for the review and for pointing out the to_dma_dev() path

If I understand you correctly, fine with using DRMM, but kfree(priv) should occur after drm_dev_put(drm)
That would mean releasing the drm_device first and freeing dev_private afterwards.
Of course, we will also need to adjust the probe() error-unwind (err_free) order accordingly.
Do you anticipate any side effects from this ordering change? I’d appreciate your thoughts.

BRs,
Hoyoung Lee

next prev parent reply	other threads:[~2025-11-12  3:03 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20250929042917epcas2p26f004fefc4b491c5190f0854a7fe1f86@epcas2p2.samsung.com>
2025-09-29  4:31 ` [PATCH 0/3] drm/exynos: KMS cleanups for off-screen planes and mode_config Hoyoung Lee
2025-09-29  4:31   ` [PATCH 1/3] drm/exynos: plane: Disable fully off-screen planes instead of zero-sized update Hoyoung Lee
2025-11-10  2:24     ` Inki Dae
2025-11-12  2:44       ` hy_fifty.lee
2025-11-13 14:22         ` Inki Dae
2025-09-29  4:31   ` [PATCH 2/3] drm/exynos: Convert to drmm_mode_config_init() and drop manual cleanup Hoyoung Lee
2025-11-10  5:22     ` Inki Dae
2025-11-12  3:03       ` hy_fifty.lee [this message]
2025-11-13 14:33         ` Inki Dae
2025-09-29  4:31   ` [PATCH 3/3] drm/exynos: Move mode_config setup from fb.c to drv.c Hoyoung Lee
2025-11-10  6:44     ` Inki Dae

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='000101dc5380$e33e1c10$a9ba5430$@samsung.com' \
    --to=hy_fifty.lee@samsung.com \
    --cc=airlied@gmail.com \
    --cc=alim.akhtar@samsung.com \
    --cc=daeinki@gmail.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=krzk@kernel.org \
    --cc=kyungmin.park@samsung.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-samsung-soc@vger.kernel.org \
    --cc=simona@ffwll.ch \
    --cc=sw0312.kim@samsung.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.