On Thu, Mar 13, 2025 at 10:42 AM Maxime Ripard <mrip...@kernel.org> wrote:
> Hi Anusha,
>
> In addition to the feedback Luca already provided, I have a few comments
>
> On Wed, Mar 12, 2025 at 08:54:42PM -0400, Anusha Srivatsa wrote:
> > Introduce reference counted allocations for panels to avoid
> > use-after-free. The patch adds the macro devm_drm_bridge_alloc()
> > to allocate a new refcounted panel. Followed the documentation for
> > drmm_encoder_alloc() and devm_drm_dev_alloc and other similar
> > implementations for this purpose.
> >
> > Also adding drm_panel_get() and drm_panel_put() to suitably
> > increment and decrement the refcount
> >
> > Signed-off-by: Anusha Srivatsa <asriv...@redhat.com>
> > ---
> > drivers/gpu/drm/drm_panel.c | 50 ++++++++++++++++++++++++++++++++++++++
> > include/drm/drm_panel.h | 58
> +++++++++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 108 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/drm_panel.c b/drivers/gpu/drm/drm_panel.c
> > index
> c627e42a7ce70459f50eb5095fffc806ca45dabf..b55e380e4a2f7ffd940c207e841c197d85113907
> 100644
> > --- a/drivers/gpu/drm/drm_panel.c
> > +++ b/drivers/gpu/drm/drm_panel.c
> > @@ -79,6 +79,7 @@ EXPORT_SYMBOL(drm_panel_init);
> > */
> > void drm_panel_add(struct drm_panel *panel)
> > {
> > + drm_panel_get(panel);
> > mutex_lock(&panel_lock);
> > list_add_tail(&panel->list, &panel_list);
> > mutex_unlock(&panel_lock);
> > @@ -96,6 +97,7 @@ void drm_panel_remove(struct drm_panel *panel)
> > mutex_lock(&panel_lock);
> > list_del_init(&panel->list);
> > mutex_unlock(&panel_lock);
> > + drm_panel_put(panel);
> > }
> > EXPORT_SYMBOL(drm_panel_remove);
>
> I think these two should be added as a separate patch, with some
> additional comment on why it's needed (because we store a pointer in the
> panel list).
>
Sounds good.
> >
> > @@ -355,6 +357,54 @@ struct drm_panel *of_drm_find_panel(const struct
> device_node *np)
> > }
> > EXPORT_SYMBOL(of_drm_find_panel);
> >
> > +/* Internal function (for refcounted panels) */
> > +void __drm_panel_free(struct kref *kref)
> > +{
> > + struct drm_panel *panel = container_of(kref, struct drm_panel,
> refcount);
> > + void *container = ((void *)panel) - panel->container_offset;
> > +
> > + kfree(container);
> > +}
> > +EXPORT_SYMBOL(__drm_panel_free);
> > +
> > +static void drm_panel_put_void(void *data)
> > +{
> > + struct drm_panel *panel = (struct drm_panel *)data;
> > +
> > + drm_panel_put(panel);
> > +}
> > +
> > +void *__devm_drm_panel_alloc(struct device *dev, size_t size, size_t
> offset,
> > + const struct drm_panel_funcs *funcs)
> > +{
> > + void *container;
> > + struct drm_panel *panel;
> > + int err;
> > +
> > + if (!funcs) {
> > + dev_warn(dev, "Missing funcs pointer\n");
> > + return ERR_PTR(-EINVAL);
> > + }
> > +
> > + container = kzalloc(size, GFP_KERNEL);
> > + if (!container)
> > + return ERR_PTR(-ENOMEM);
> > +
> > + panel = container + offset;
> > + panel->container_offset = offset;
> > + panel->funcs = funcs;
> > + kref_init(&panel->refcount);
> > +
> > + err = devm_add_action_or_reset(dev, drm_panel_put_void, panel);
> > + if (err)
> > + return ERR_PTR(err);
> > +
> > + drm_panel_init(panel, dev, funcs, panel->connector_type);
> > +
> > + return container;
> > +}
> > +EXPORT_SYMBOL(__devm_drm_panel_alloc);
>
> Similarly, here, I think we'd need to split that some more. Ideally, we
> should have a series of patches doing
>
> 1: Adding that allocation function you have right now, but using
> devm_kzalloc
>
> 2: Adding the reference counting to drm_panel, with drm_panel_get /
> drm_panel_put and the devm_action to put the reference in
> __devm_drm_panel_alloc()
>
> 3: Adding X patches to add calls to drm_bridge_get/drm_bridge_put
> everywhere it's needed, starting indeed by
> drm_panel_add/drm_panel_put. We don't have to do all of them in that
> series though. of_drm_find_panel though will probably merit a series
> of its own, given we'd have to fix all its callers too.
>
> 4: Convert some panels to the new allocation function. You already did
> that with panel_simple so there's nothing to change yet, but once we
> agree on the API we should mass convert all the panels.
>
>
I want to get the API right before making mass conversion of drivers. Will
split this patch as you have suggested above. Will leave out fixing of
of_drm_find_panel() callers to a separate series as well.
Thanks!
Anusha
> Maxime
>
