dpu: use drmm_writeback_connector_init()

Christophe JAILLET Wed, 17 Sep 2025 11:35:31 -0700

Le 19/08/2025 à 22:32, Dmitry Baryshkov a écrit :

Use drmm_plain_encoder_alloc() to allocate simple encoder and
drmm_writeback_connector_init() in order to initialize writeback
connector instance.


Reviewed-by: Louis Chauvet 
<louis.chauvet-ldxbnhwyfcjbdgjk7y7...@public.gmane.org>
Reviewed-by: Suraj Kandpal 
<suraj.kandpal-ral2jqcrhueavxtiumw...@public.gmane.org>
Reviewed-by: Jessica Zhang 
<jessica.zhang-5ofbvzjwu8ry9ajcnzt...@public.gmane.org>
Signed-off-by: Dmitry Baryshkov 
<dmitry.baryshkov-5ofbvzjwu8ry9ajcnzt...@public.gmane.org>
---
  drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 10 +++-------
  1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c 
b/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c
index 
8ff496082902b1ee713e806140f39b4730ed256a..cd73468e369a93c50303db2a7d4499bcb17be5d1
 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c
@@ -80,7 +80,6 @@ static int dpu_wb_conn_atomic_check(struct drm_connector 
*connector,
  static const struct drm_connector_funcs dpu_wb_conn_funcs = {
        .reset = drm_atomic_helper_connector_reset,
        .fill_modes = drm_helper_probe_single_connector_modes,
-       .destroy = drm_connector_cleanup,
        .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state,
        .atomic_destroy_state = drm_atomic_helper_connector_destroy_state,
  };
@@ -131,12 +130,9 @@ int dpu_writeback_init(struct drm_device *dev, struct 
drm_encoder *enc,

drm_connector_helper_add(&dpu_wb_conn->base.base, &dpu_wb_conn_helper_funcs);- /* DPU initializes the encoder and sets it up completely for writeback

-        * cases and hence should use the new API 
drm_writeback_connector_init_with_encoder
-        * to initialize the writeback connector
-        */
-       rc = drm_writeback_connector_init_with_encoder(dev, &dpu_wb_conn->base, 
enc,
-                       &dpu_wb_conn_funcs, format_list, num_formats);
+       rc = drmm_writeback_connector_init(dev, &dpu_wb_conn->base,
+                                          &dpu_wb_conn_funcs, enc,
+                                          format_list, num_formats);

if (!rc)

                dpu_wb_conn->wb_enc = enc;


dpu_wb_conn is allocated a few lines above using devm_kzalloc().

Based on [1], mixing devm_ and drmm_ is not safe and can lead to a uaf.

Is it correct here?

If the explanation at [1] is correct, then &dpu_wb_conn->base wouldpoint to some released memory, IIUC.



just my 2c.

CJ

[1]:https://web.git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/gpu/drm/xe/xe_hwmon.c?id=3a13c2de442d6bfaef9c102cd1092e6cae22b753

Re: [PATCH v3 4/8] drm/msm/dpu: use drmm_writeback_connector_init()

Reply via email to