Re: [PATCH] drm: Prevent modeset helpers to access an uninitialized drm_mode_config
From: Javier Martinez Canillas
Date: Sun Jul 24 2022 - 14:42:02 EST
Hello Thomas,
Thanks for your feedback.
On 7/24/22 20:24, Thomas Zimmermann wrote:
> Hi Javier
>
> Am 24.07.22 um 14:37 schrieb Javier Martinez Canillas:
>> DRM drivers initialize the mode configuration with drmm_mode_config_init()
>> and that function (among other things) initializes mutexes that are later
>> used by modeset helpers.
>>
>> But the helpers should only attempt to grab those locks if the mode config
>> was properly initialized. Otherwise it can lead to kernel oops. An example
>> is when a DRM driver using the component framework does not initialize the
>> drm_mode_config, because its .bind callback was not being executed due one
>> of its expected sub-devices' driver failing to probe.
>>
>> Some drivers check the struct drm_driver.registered field as an indication
>> on whether their .shutdown callback should call helpers to tearn down the
>> mode configuration or not, but most drivers just assume that it is always
>> safe to call helpers such as drm_atomic_helper_shutdown() during shutdown.
>>
>> Let make the DRM core more robust and prevent this to happen, by marking a
>> struct drm_mode_config as initialized during drmm_mode_config_init(). that
>> way helpers can check for it and not attempt to grab uninitialized mutexes.
>
> I disagree. This patch looks like cargo-cult programming and entirely
> arbitrary. The solution here is to fix drivers. The actual test to
> perform is to instrument the mutex implementation to detect
> uninitialized mutexes.
>
While I do agree that drivers should be fixed, IMO we should try to make it
hard for the kernel to crash. We already have checks in other DRM helpers to
avoid accessing uninitialized data, so I don't see why we couldn't do the
same here.
I wrote this patch after fixing a bug in the drm/msm driver [0]. By looking
at how other drivers handled this case, I'm pretty sure that they have the
same problem. A warning is much better than a kernel crash during shutdown.
[0]: https://patchwork.kernel.org/project/dri-devel/patch/20220724111327.1195693-1-javierm@xxxxxxxxxx/
> Best regards
> Thomas
>
--
Best regards,
Javier Martinez Canillas
Linux Engineering
Red Hat