From: Jeffy Chen <jeffy.chen@rock-chips.com>
To: linux-kernel@vger.kernel.org
Cc: briannorris@chromium.org, dianders@chromium.org,
tfiga@chromium.org, seanpaul@chromium.org, zyw@rock-chips.com,
marcheu@chromium.org, mark.yao@rock-chips.com, hshi@chromium.org,
Jeffy Chen <jeffy.chen@rock-chips.com>,
Daniel Vetter <daniel.vetter@intel.com>,
Jani Nikula <jani.nikula@linux.intel.com>,
dri-devel@lists.freedesktop.org, David Airlie <airlied@linux.ie>
Subject: [PATCH v8 2/2] drm: Prevent release fb after cleanup drm_mode_config
Date: Wed, 12 Apr 2017 10:55:30 +0800 [thread overview]
Message-ID: <1491965730-31393-3-git-send-email-jeffy.chen@rock-chips.com> (raw)
In-Reply-To: <1491965730-31393-1-git-send-email-jeffy.chen@rock-chips.com>
We are freeing all framebuffers in drm_mode_config_cleanup without
sync the drm_file's fbs list.
So if someone try to unbind drm before release drm dev fd, the fbs
list would remain some invalid fb references. And that would cause
crash later in drm_fb_release.
Add a sanity check to prevent that.
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
---
Changes in v8: None
Changes in v7:
Update commit message.
Changes in v6: None
Changes in v5: None
Changes in v2: None
drivers/gpu/drm/drm_framebuffer.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c
index e8f9c13..03c1632 100644
--- a/drivers/gpu/drm/drm_framebuffer.c
+++ b/drivers/gpu/drm/drm_framebuffer.c
@@ -583,6 +583,11 @@ void drm_fb_release(struct drm_file *priv)
{
struct drm_framebuffer *fb, *tfb;
struct drm_mode_rmfb_work arg;
+ struct drm_minor *minor = priv->minor;
+ struct drm_device *dev = minor->dev;
+
+ if (WARN_ON(!dev->mode_config.num_fb && !list_empty(&priv->fbs)))
+ return;
INIT_LIST_HEAD(&arg.fbs);
--
2.1.4
prev parent reply other threads:[~2017-04-12 2:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-12 2:55 [PATCH v8 0/2] drm: rockchip: Fix rockchip drm unbind crash error Jeffy Chen
2017-04-12 2:55 ` [PATCH v8 1/2] drm: Unplug drm device when unregistering it Jeffy Chen
2017-04-26 19:43 ` Ville Syrjälä
2017-04-26 20:36 ` Sean Paul
2017-04-12 2:55 ` Jeffy Chen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1491965730-31393-3-git-send-email-jeffy.chen@rock-chips.com \
--to=jeffy.chen@rock-chips.com \
--cc=airlied@linux.ie \
--cc=briannorris@chromium.org \
--cc=daniel.vetter@intel.com \
--cc=dianders@chromium.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=hshi@chromium.org \
--cc=jani.nikula@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marcheu@chromium.org \
--cc=mark.yao@rock-chips.com \
--cc=seanpaul@chromium.org \
--cc=tfiga@chromium.org \
--cc=zyw@rock-chips.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox