On Wed, Apr 28, 2021 at 11:52:49PM +0200, Hans de Goede wrote:
> Userspace could hold open a reference to the connector->kdev device,
> through e.g. holding a sysfs-atrtribute open after
> drm_sysfs_connector_remove() has been called. In this case the connector
> could be free-ed while the connector->kdev device's drvdata is still
> pointing to it.
>
> Give drm_connector devices there own device type, which allows
> us to specify our own release function and make drm_sysfs_connector_add()
> take a reference on the connector object, and have the new release
> function put the reference when the device is released.
>
> Giving drm_connector devices there own device type, will also allow
> checking if a device is a drm_connector device with a
> "if (device->type == &drm_sysfs_device_connector)" check.
>
> Note that the setting of the name member of the device_type struct will
> cause udev events for drm_connector-s to now contain DEVTYPE=drm_connector
> as extra info. So this extends the uevent part of the userspace API.
>
> Signed-off-by: Hans de Goede <hdego...@redhat.com>
Are you sure? I thought sysfs is supposed to flush out any pending
operations (they complete fast) and handle open fd internally?
Also I'd assume this creates a loop since the connector holds a reference
on the kdev?
-Daniel
> ---
> drivers/gpu/drm/drm_sysfs.c | 54 +++++++++++++++++++++++++++++++------
> 1 file changed, 46 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
> index f0336c804639..c344c6d5e738 100644
> --- a/drivers/gpu/drm/drm_sysfs.c
> +++ b/drivers/gpu/drm/drm_sysfs.c
> @@ -50,6 +50,10 @@ static struct device_type drm_sysfs_device_minor = {
> .name = "drm_minor"
> };
>
> +static struct device_type drm_sysfs_device_connector = {
> + .name = "drm_connector",
> +};
> +
> struct class *drm_class;
>
> static char *drm_devnode(struct device *dev, umode_t *mode)
> @@ -271,30 +275,64 @@ static const struct attribute_group
> *connector_dev_groups[] = {
> NULL
> };
>
> +static void drm_sysfs_connector_release(struct device *dev)
> +{
> + struct drm_connector *connector = to_drm_connector(dev);
> +
> + drm_connector_put(connector);
> + kfree(dev);
> +}
> +
> int drm_sysfs_connector_add(struct drm_connector *connector)
> {
> struct drm_device *dev = connector->dev;
> + struct device *kdev;
> + int r;
>
> if (connector->kdev)
> return 0;
>
> - connector->kdev =
> - device_create_with_groups(drm_class, dev->primary->kdev, 0,
> - connector, connector_dev_groups,
> - "card%d-%s", dev->primary->index,
> - connector->name);
> + kdev = kzalloc(sizeof(*kdev), GFP_KERNEL);
> + if (!kdev)
> + return -ENOMEM;
> +
> + device_initialize(kdev);
> + kdev->class = drm_class;
> + kdev->type = &drm_sysfs_device_connector;
> + kdev->parent = dev->primary->kdev;
> + kdev->groups = connector_dev_groups;
> + kdev->release = drm_sysfs_connector_release;
> + dev_set_drvdata(kdev, connector);
> +
> + r = dev_set_name(kdev, "card%d-%s", dev->primary->index,
> connector->name);
> + if (r)
> + goto err_free;
> +
> DRM_DEBUG("adding \"%s\" to sysfs\n",
> connector->name);
>
> - if (IS_ERR(connector->kdev)) {
> - DRM_ERROR("failed to register connector device: %ld\n",
> PTR_ERR(connector->kdev));
> - return PTR_ERR(connector->kdev);
> + r = device_add(kdev);
> + if (r) {
> + DRM_ERROR("failed to register connector device: %d\n", r);
> + goto err_free;
> }
>
> + /*
> + * Ensure the connector object does not get free-ed if userspace still
> has
> + * references open to the device through e.g. the connector
> sysfs-attributes.
> + */
> + drm_connector_get(connector);
> +
> + connector->kdev = kdev;
> +
> if (connector->ddc)
> return sysfs_create_link(&connector->kdev->kobj,
> &connector->ddc->dev.kobj, "ddc");
> return 0;
> +
> +err_free:
> + put_device(kdev);
> + return r;
> }
>
> void drm_sysfs_connector_remove(struct drm_connector *connector)
> --
> 2.31.1
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
