[PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered

public inbox for linux-arm-msm@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
  2023-03-06 10:07 [PATCH 00/10] drm/msm: fix bind error handling Johan Hovold
@ 2023-03-06 10:07 ` Johan Hovold
  2023-03-28 12:49   ` Dmitry Baryshkov
  0 siblings, 1 reply; 4+ messages in thread
From: Johan Hovold @ 2023-03-06 10:07 UTC (permalink / raw)
  To: Rob Clark, Abhinav Kumar, Dmitry Baryshkov
  Cc: Sean Paul, David Airlie, Daniel Vetter, linux-arm-msm, dri-devel,
	freedreno, linux-kernel, Johan Hovold, Jiasheng Jiang

This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0.

A recent patch that tried to fix up the msm_drm_init() paths with
respect to the workqueue but only ended up making things worse:

First, the newly added calls to msm_drm_uninit() on early errors would
trigger NULL-pointer dereferences, for example, as the kms pointer would
not have been initialised. (Note that these paths were also modified by
a second broken error handling patch which in effect cancelled out this
part when merged.)

Second, the newly added allocation sanity check would still leak the
previously allocated drm device.

Instead of trying to salvage what was badly broken (and clearly not
tested), let's revert the bad commit so that clean and backportable
fixes can be added in its place.

Fixes: 643b7d0869cc ("drm/msm: Add missing check and destroy for alloc_ordered_workqueue")
Cc: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
 drivers/gpu/drm/msm/msm_drv.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index aca48c868c14..b7f5a78eadd4 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -420,8 +420,6 @@ static int msm_drm_init(struct device *dev, const struct drm_driver *drv)
 	priv->dev = ddev;

 	priv->wq = alloc_ordered_workqueue("msm", 0);
-	if (!priv->wq)
-		return -ENOMEM;

 	INIT_LIST_HEAD(&priv->objects);
 	mutex_init(&priv->obj_lock);
-- 
2.39.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
@ 2023-03-08  2:10 Jiasheng Jiang
  2023-03-08  7:41 ` Johan Hovold
  0 siblings, 1 reply; 4+ messages in thread
From: Jiasheng Jiang @ 2023-03-08  2:10 UTC (permalink / raw)
  To: johan+linaro
  Cc: robdclark, quic_abhinavk, dmitry.baryshkov, sean, airlied, daniel,
	linux-arm-msm, dri-devel, freedreno, linux-kernel, Jiasheng Jiang

On Mon, 06 Mar 2023 18:07:13 +0800, Johan Hovold wrote:
> This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0.

The commit not only adds the allocation sanity check, but also adds the
destroy_workqueue to release the allocated priv->wq.
Therefore, revert the commit will cause memory leak.

> A recent patch that tried to fix up the msm_drm_init() paths with
> respect to the workqueue but only ended up making things worse:
> 
> First, the newly added calls to msm_drm_uninit() on early errors would
> trigger NULL-pointer dereferences, for example, as the kms pointer would
> not have been initialised. (Note that these paths were also modified by
> a second broken error handling patch which in effect cancelled out this
> part when merged.)

There is a check for the kms pointer to avoid NULL-pointer dereference in
the msm_drm_uninit().

> Second, the newly added allocation sanity check would still leak the
> previously allocated drm device.

The ddev is allocated by drm_dev_alloc which support automatic cleanup.

Thanks,
Jiang


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
  2023-03-08  2:10 [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" Jiasheng Jiang
@ 2023-03-08  7:41 ` Johan Hovold
  0 siblings, 0 replies; 4+ messages in thread
From: Johan Hovold @ 2023-03-08  7:41 UTC (permalink / raw)
  To: Jiasheng Jiang
  Cc: johan+linaro, robdclark, quic_abhinavk, dmitry.baryshkov, sean,
	airlied, daniel, linux-arm-msm, dri-devel, freedreno,
	linux-kernel

On Wed, Mar 08, 2023 at 10:10:24AM +0800, Jiasheng Jiang wrote:
> On Mon, 06 Mar 2023 18:07:13 +0800, Johan Hovold wrote:
> > This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0.
> 
> The commit not only adds the allocation sanity check, but also adds the
> destroy_workqueue to release the allocated priv->wq.
> Therefore, revert the commit will cause memory leak.

No, reverting this commit does not cause any memory leaks (look at at
diff again).

The original patch called msm_drm_uninit() in some early error paths,
but that was just completely broken as that function must not be called
before the subcomponents have been bound and also triggered a bunch of
other NULL-pointer dereferences.

That bit was however removed when the change was merged with a second
branch that also touched these error paths. In the end, the leaked wq is
still there and this commit only added broken error handling for the wq
allocation failing (as it does not free the drm device).

> > A recent patch that tried to fix up the msm_drm_init() paths with
> > respect to the workqueue but only ended up making things worse:
> > 
> > First, the newly added calls to msm_drm_uninit() on early errors would
> > trigger NULL-pointer dereferences, for example, as the kms pointer would
> > not have been initialised. (Note that these paths were also modified by
> > a second broken error handling patch which in effect cancelled out this
> > part when merged.)
> 
> There is a check for the kms pointer to avoid NULL-pointer dereference in
> the msm_drm_uninit().

No, there were further places in msm_drm_uninit() which did not have any
such checks when you submitted your patch. Some of the missing checks
were added by a separate patch, but that would not in itself have been
sufficient as with your patch you'd still end up trying to unbind the
subcomponents before they are bound, which will lead to further crashes.

> > Second, the newly added allocation sanity check would still leak the
> > previously allocated drm device.
> 
> The ddev is allocated by drm_dev_alloc which support automatic cleanup.

We don't have automatic garbage collection in the kernel. You still need
to release the reference to the device for it to be freed.

Johan

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
  2023-03-06 10:07 ` [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" Johan Hovold
@ 2023-03-28 12:49   ` Dmitry Baryshkov
  0 siblings, 0 replies; 4+ messages in thread
From: Dmitry Baryshkov @ 2023-03-28 12:49 UTC (permalink / raw)
  To: Johan Hovold, Rob Clark, Abhinav Kumar
  Cc: Sean Paul, David Airlie, Daniel Vetter, linux-arm-msm, dri-devel,
	freedreno, linux-kernel, Jiasheng Jiang

On 06/03/2023 12:07, Johan Hovold wrote:
> This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0.
> 
> A recent patch that tried to fix up the msm_drm_init() paths with
> respect to the workqueue but only ended up making things worse:
> 
> First, the newly added calls to msm_drm_uninit() on early errors would
> trigger NULL-pointer dereferences, for example, as the kms pointer would
> not have been initialised. (Note that these paths were also modified by
> a second broken error handling patch which in effect cancelled out this
> part when merged.)
> 
> Second, the newly added allocation sanity check would still leak the
> previously allocated drm device.
> 
> Instead of trying to salvage what was badly broken (and clearly not
> tested), let's revert the bad commit so that clean and backportable
> fixes can be added in its place.
> 
> Fixes: 643b7d0869cc ("drm/msm: Add missing check and destroy for alloc_ordered_workqueue")
> Cc: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> ---
>   drivers/gpu/drm/msm/msm_drv.c | 2 --
>   1 file changed, 2 deletions(-)
> 

Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

-- 
With best wishes
Dmitry


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-03-28 12:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-08  2:10 [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" Jiasheng Jiang
2023-03-08  7:41 ` Johan Hovold
  -- strict thread matches above, loose matches on Subject: below --
2023-03-06 10:07 [PATCH 00/10] drm/msm: fix bind error handling Johan Hovold
2023-03-06 10:07 ` [PATCH 01/10] Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" Johan Hovold
2023-03-28 12:49   ` Dmitry Baryshkov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox