From mboxrd@z Thu Jan 1 00:00:00 1970 From: Philipp Zabel Subject: Re: [PATCH 1/3] ipuv3-crtc: add remove action for devres data Date: Tue, 02 Apr 2019 17:49:23 +0200 Message-ID: <1554220163.2338.2.camel@pengutronix.de> References: <0687f68004b28ed3a364b06a9eb64e2e@agner.ch> <20190402134904.588-1-m.grzeschik@pengutronix.de> <20190402134904.588-2-m.grzeschik@pengutronix.de> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20190402134904.588-2-m.grzeschik@pengutronix.de> Sender: linux-kernel-owner@vger.kernel.org To: Michael Grzeschik , airlied@linux.ie, gregkh@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux@armlinux.org.uk, dri-devel@lists.freedesktop.org, rafael@kernel.org, kernel@pengutronix.de List-Id: dri-devel@lists.freedesktop.org Hi Michael, On Tue, 2019-04-02 at 15:49 +0200, Michael Grzeschik wrote: > The destroy function in drm_mode_config_cleanup will remove the objects > in ipu-drm-core by calling its destroy functions if the bind function > fails. The drm_crtc is also part of the devres allocated ipu_crtc > object. The ipu_crtc object will already be cleaned up if the bind for > the crtc fails. This leads drm_crtc_cleanup try to clean already freed > memory. > > We fix this issue by adding the devres action ipu_crtc_remove_head which > will remove its head from the objects in ipu-drm-core which then never > calls its destroy function anymore. > > Signed-off-by: Michael Grzeschik > --- > drivers/gpu/drm/imx/ipuv3-crtc.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/gpu/drm/imx/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3-crtc.c > index ec3602ebbc1cd..fa1ee33a43d77 100644 > --- a/drivers/gpu/drm/imx/ipuv3-crtc.c > +++ b/drivers/gpu/drm/imx/ipuv3-crtc.c > @@ -429,6 +429,14 @@ static int ipu_crtc_init(struct ipu_crtc *ipu_crtc, > return ret; > } > > +static void ipu_crtc_remove_head(void *data) > +{ > + struct ipu_crtc *ipu_crtc = data; > + struct drm_crtc *crtc = &ipu_crtc->base; > + > + list_del(&crtc->head); I don't think reaching into drm_crtc internals like this is going to be robust. Currently, this is either missing the rest of drm_crtc_cleanup, or it will crash if drm_crtc_init_with_planes hasn't been called yet. I think you could call devm_add_action with a function that calls drm_crtc_cleanup after drm_crtc_init_with_planes in ipu_crtc_init. Alternatively, the ipu_crtc allocation could be changed to kzalloc. It would then have to freed manually in the drm_crtc_funcs->destroy callback. regards Philipp