Date: Wed, 26 Jun 2024 18:53:40 +0300
From: Tomi Valkeinen <tomi.valkeinen@...asonboard.com>
To: Maxime Ripard <mripard@...nel.org>
Cc: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
 Thomas Zimmermann <tzimmermann@...e.de>, David Airlie <airlied@...il.com>,
 Daniel Vetter <daniel@...ll.ch>,
 Laurent Pinchart <laurent.pinchart@...asonboard.com>,
 dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/mipi-dsi: Fix devm unregister & detach

On 26/06/2024 18:07, Maxime Ripard wrote:
> On Wed, Jun 26, 2024 at 12:55:39PM GMT, Tomi Valkeinen wrote:
>> On 26/06/2024 11:49, Maxime Ripard wrote:
>>> Hi,
>>>
>>> On Wed, Jun 19, 2024 at 12:07:48PM GMT, Tomi Valkeinen wrote:
>>>> From: Tomi Valkeinen <tomi.valkeinen+renesas@...asonboard.com>
>>>>
>>>> When a bridge driver uses devm_mipi_dsi_device_register_full() or
>>>> devm_mipi_dsi_attach(), the resource management is moved to devres,
>>>> which releases the resource automatically when the bridge driver is
>>>> unbound.
>>>>
>>>> However, if the DSI host goes away first, the host unregistration code
>>>> will automatically detach and unregister any DSI peripherals, without
>>>> notifying the devres about it. So when the bridge driver later is
>>>> unbound, the resources are released a second time, leading to a crash.
>>>
>>> That's super surprising. mipi_dsi_device_unregister calls
>>> device_unregister, which calls device_del, which in turn calls
>>> devres_release_all.
>>
>> Hmm, right.
>>
>>> If that doesn't work like that, then it's what needs to be fixed, and
>>> not worked around in the MIPI-DSI bus.
>>
>> Well, something causes a crash for both the device register/unregister case
>> and the attach/detach case, and the call stacks and debug prints showed a
>> double unregister/detach...
>>
>> I need to dig up the board and check again why the devres_release_all() in
>> device_del() doesn't solve this. But I can probably only get back to this in
>> August, so it's perhaps best to ignore this patch for now.
>>
>> However, the attach/detach case is still valid? I see no devres calls in the
>> detach paths.
> 
> I'm not sure what you mean by the attach/detach case. Do you expect
> device resources allocated in attach to be freed when detach runs?

Ah, never mind, the devres_release_all() would of course deal with that too.

However, I just realized/remembered why it crashes.

devm_mipi_dsi_device_register_full() and devm_mipi_dsi_attach() are 
given a device which is used for the devres. This device is probably 
always the bridge device. So when the bridge device goes away, so do 
those resources.

The mipi_dsi_device_unregister() call deals with a DSI device, which was 
created in devm_mipi_dsi_device_register_full(). Unregistering that DSI 
device, which does happen when the DSI host is removed, does not affect 
the devres of the bridge.

So, unloading the DSI host driver causes mipi_dsi_device_unregister() 
and mipi_dsi_detach() to be called (as part of 
mipi_dsi_host_unregister()), and unloading the bridge driver causes them 
to be called again via devres.

  Tomi
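
Added example, not code from this thread or from the kernel: a userspace C model of the sequence described in the message above, where the release action is queued on the bridge device while the host removal path unregisters the DSI device directly. Every `model_` name is hypothetical, and the cancel variant is an assumption shown for contrast, not the patch under discussion.

```c
#include <stdio.h>
/* Userspace model; every model_ name is hypothetical, not a kernel API. */
struct model_dsi_device { int unregister_calls; };
struct model_action { void (*fn)(void *); void *data; };
struct model_device { struct model_action actions[8]; int nactions; };
/* The real unregister tears the device down; the model only counts calls. */
static void model_dsi_unregister(void *data)
{
    ((struct model_dsi_device *)data)->unregister_calls++;
}
/* devm-style register: the release action is queued on the bridge device. */
static void model_devm_register(struct model_device *owner, void *dsi)
{
    owner->actions[owner->nactions++] = (struct model_action){ model_dsi_unregister, dsi };
}
/* Drop a queued action without running it (second variant only). */
static void model_cancel(struct model_device *owner, void *data)
{
    for (int i = 0; i < owner->nactions; i++)
        if (owner->actions[i].data == data) {
            owner->actions[i] = owner->actions[--owner->nactions];
            return;
        }
}
/* Driver unbind: run the owner's queued actions, newest first. */
static void model_release_all(struct model_device *owner)
{
    while (owner->nactions > 0) {
        struct model_action a = owner->actions[--owner->nactions];
        a.fn(a.data);
    }
}
/* Host removed first, then bridge unbound; returns the unregister count. */
int model_teardown(int cancel_on_host_removal)
{
    struct model_device bridge = { .nactions = 0 };
    struct model_dsi_device dsi = { 0 };
    model_devm_register(&bridge, &dsi);
    model_dsi_unregister(&dsi);        /* host removal unregisters the DSI device */
    if (cancel_on_host_removal)
        model_cancel(&bridge, &dsi);   /* assumption: host path drops the action */
    model_release_all(&bridge);        /* bridge unbind runs what is still queued */
    return dsi.unregister_calls;
}
int main(void)
{
    printf("no cancel: %d, cancel: %d\n", model_teardown(0), model_teardown(1));
    return 0;
}
```

A count of 2 corresponds to the double unregister seen in the call stacks; in the kernel the second call would operate on an already released device.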

