[PATCH 29/30] drm/bridge: add support for device links to bridge
From: Mihail Atanassov
Date: Tue Nov 26 2019 - 08:17:09 EST
From: Russell King <rmk+kernel@xxxxxxxxxxxxxxx>
Bridge devices have been a potential for kernel oops as their lifetime
is independent of the DRM device that they are bound to. Hence, if a
bridge device is unbound while the parent DRM device is using them, the
parent happily continues to use the bridge device, calling the driver
and accessing its objects that have been freed.
This can cause kernel memory corruption and kernel oops.
To control this, use device links to ensure that the parent DRM device
is unbound when the bridge device is unbound, and when the bridge
device is re-bound, automatically rebind the parent DRM device.
Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxx>
Tested-by: Mihail Atanassov <mihail.atanassov@xxxxxxx>
[reworked to use drm_bridge_init() for setting bridge->device]
Signed-off-by: Mihail Atanassov <mihail.atanassov@xxxxxxx>
---
drivers/gpu/drm/drm_bridge.c | 49 ++++++++++++++++++++++++++----------
include/drm/drm_bridge.h | 4 +++
2 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c
index cbe680aa6eac..e1f8db84651a 100644
--- a/drivers/gpu/drm/drm_bridge.c
+++ b/drivers/gpu/drm/drm_bridge.c
@@ -26,6 +26,7 @@
#include <linux/mutex.h>
#include <drm/drm_bridge.h>
+#include <drm/drm_device.h>
#include <drm/drm_encoder.h>
#include "drm_crtc_internal.h"
@@ -109,6 +110,7 @@ void drm_bridge_init(struct drm_bridge *bridge, struct device *dev,
bridge->encoder = NULL;
bridge->next = NULL;
+ bridge->device = dev;
#ifdef CONFIG_OF
bridge->of_node = dev->of_node;
#endif
@@ -492,6 +494,32 @@ void drm_atomic_bridge_enable(struct drm_bridge *bridge,
EXPORT_SYMBOL(drm_atomic_bridge_enable);
#ifdef CONFIG_OF
+static struct drm_bridge *drm_bridge_find(struct drm_device *dev,
+ struct device_node *np, bool link)
+{
+ struct drm_bridge *bridge, *found = NULL;
+ struct device_link *dl;
+
+ mutex_lock(&bridge_lock);
+
+ list_for_each_entry(bridge, &bridge_list, list)
+ if (bridge->of_node == np) {
+ found = bridge;
+ break;
+ }
+
+ if (found && link) {
+ dl = device_link_add(dev->dev, found->device,
+ DL_FLAG_AUTOPROBE_CONSUMER);
+ if (!dl)
+ found = NULL;
+ }
+
+ mutex_unlock(&bridge_lock);
+
+ return found;
+}
+
/**
* of_drm_find_bridge - find the bridge corresponding to the device node in
* the global bridge list
@@ -503,21 +531,16 @@ EXPORT_SYMBOL(drm_atomic_bridge_enable);
*/
struct drm_bridge *of_drm_find_bridge(struct device_node *np)
{
- struct drm_bridge *bridge;
-
- mutex_lock(&bridge_lock);
-
- list_for_each_entry(bridge, &bridge_list, list) {
- if (bridge->of_node == np) {
- mutex_unlock(&bridge_lock);
- return bridge;
- }
- }
-
- mutex_unlock(&bridge_lock);
- return NULL;
+ return drm_bridge_find(NULL, np, false);
}
EXPORT_SYMBOL(of_drm_find_bridge);
+
+struct drm_bridge *of_drm_find_bridge_devlink(struct drm_device *dev,
+ struct device_node *np)
+{
+ return drm_bridge_find(dev, np, true);
+}
+EXPORT_SYMBOL(of_drm_find_bridge_devlink);
#endif
MODULE_AUTHOR("Ajay Kumar <ajaykumar.rs@xxxxxxxxxxx>");
diff --git a/include/drm/drm_bridge.h b/include/drm/drm_bridge.h
index d6d9d5301551..68b27c69cc3d 100644
--- a/include/drm/drm_bridge.h
+++ b/include/drm/drm_bridge.h
@@ -382,6 +382,8 @@ struct drm_bridge {
struct drm_encoder *encoder;
/** @next: the next bridge in the encoder chain */
struct drm_bridge *next;
+ /** @device: Linux driver model device */
+ struct device *device;
#ifdef CONFIG_OF
/** @of_node: device node pointer to the bridge */
struct device_node *of_node;
@@ -407,6 +409,8 @@ void drm_bridge_init(struct drm_bridge *bridge, struct device *dev,
const struct drm_bridge_timings *timings,
void *driver_private);
struct drm_bridge *of_drm_find_bridge(struct device_node *np);
+struct drm_bridge *of_drm_find_bridge_devlink(struct drm_device *dev,
+ struct device_node *np);
int drm_bridge_attach(struct drm_encoder *encoder, struct drm_bridge *bridge,
struct drm_bridge *previous);
--
2.23.0