From: "Ricardo Cañuelo" <ricardo.canuelo@collabora.com>
To: dri-devel@lists.freedesktop.org
Cc: "Ricardo Cañuelo" <ricardo.canuelo@collabora.com>,
linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org,
kernel@collabora.com, andrzej.hajda@intel.com,
narmstrong@baylibre.com, maarten.lankhorst@linux.intel.com,
mripard@kernel.org
Subject: [PATCH 1/2] drm/bridge: parade-ps8640: avoid race condition on driver unbinding
Date: Fri, 25 Feb 2022 14:45:03 +0100 [thread overview]
Message-ID: <20220225134504.457245-2-ricardo.canuelo@collabora.com> (raw)
In-Reply-To: <20220225134504.457245-1-ricardo.canuelo@collabora.com>
When unbinding a DRM master driver there's a race condition that
sometimes results in an invalid vm access when userspace (gnome-shell)
issues a DRM_IOCTL_MODE_GETCONNECTOR ioctl right after a bridge has been
removed from an encoder's bridge chain.
This means that once a bridge has been disabled and gone through
ps8640_post_disable(), if ps8640_bridge_get_edid() runs afterwards as a
result of that ioctl call it will call drm_bridge_chain_pre_enable()
and drm_bridge_chain_post_disable() again in a bridge that has been
already detached.
Setting `ps_bridge->pre_enabled = false` at a later stage of the
bringdown path and calling drm_bridge_chain_pre_enable() inside
ps8640_bridge_get_edid() only if needed avoid this, although a proper
subsystem-wide fix would be the proper solution, since the same type of
race conditions might happen somewhere else.
Tested on an Acer Chromebook R13 (Elm, MT8173) with Debian Sid.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
---
drivers/gpu/drm/bridge/parade-ps8640.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c
index 3f17337ee389..a927787a89bf 100644
--- a/drivers/gpu/drm/bridge/parade-ps8640.c
+++ b/drivers/gpu/drm/bridge/parade-ps8640.c
@@ -434,8 +434,6 @@ static void ps8640_post_disable(struct drm_bridge *bridge)
{
struct ps8640 *ps_bridge = bridge_to_ps8640(bridge);
- ps_bridge->pre_enabled = false;
-
ps8640_bridge_vdo_control(ps_bridge, DISABLE);
pm_runtime_put_sync_suspend(&ps_bridge->page[PAGE0_DP_CNTL]->dev);
}
@@ -487,6 +485,7 @@ static void ps8640_bridge_detach(struct drm_bridge *bridge)
drm_dp_aux_unregister(&ps_bridge->aux);
if (ps_bridge->link)
device_link_del(ps_bridge->link);
+ ps_bridge->pre_enabled = false;
}
static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
@@ -508,7 +507,8 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
* EDID, for this chip, we need to do a full poweron, otherwise it will
* fail.
*/
- drm_bridge_chain_pre_enable(bridge);
+ if (poweroff)
+ drm_bridge_chain_pre_enable(bridge);
edid = drm_get_edid(connector,
ps_bridge->page[PAGE0_DP_CNTL]->adapter);
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: "Ricardo Cañuelo" <ricardo.canuelo@collabora.com>
To: dri-devel@lists.freedesktop.org
Cc: narmstrong@baylibre.com, linux-kernel@vger.kernel.org,
linux-mediatek@lists.infradead.org, andrzej.hajda@intel.com,
kernel@collabora.com,
"Ricardo Cañuelo" <ricardo.canuelo@collabora.com>
Subject: [PATCH 1/2] drm/bridge: parade-ps8640: avoid race condition on driver unbinding
Date: Fri, 25 Feb 2022 14:45:03 +0100 [thread overview]
Message-ID: <20220225134504.457245-2-ricardo.canuelo@collabora.com> (raw)
In-Reply-To: <20220225134504.457245-1-ricardo.canuelo@collabora.com>
When unbinding a DRM master driver there's a race condition that
sometimes results in an invalid vm access when userspace (gnome-shell)
issues a DRM_IOCTL_MODE_GETCONNECTOR ioctl right after a bridge has been
removed from an encoder's bridge chain.
This means that once a bridge has been disabled and gone through
ps8640_post_disable(), if ps8640_bridge_get_edid() runs afterwards as a
result of that ioctl call it will call drm_bridge_chain_pre_enable()
and drm_bridge_chain_post_disable() again in a bridge that has been
already detached.
Setting `ps_bridge->pre_enabled = false` at a later stage of the
bringdown path and calling drm_bridge_chain_pre_enable() inside
ps8640_bridge_get_edid() only if needed avoid this, although a proper
subsystem-wide fix would be the proper solution, since the same type of
race conditions might happen somewhere else.
Tested on an Acer Chromebook R13 (Elm, MT8173) with Debian Sid.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
---
drivers/gpu/drm/bridge/parade-ps8640.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c
index 3f17337ee389..a927787a89bf 100644
--- a/drivers/gpu/drm/bridge/parade-ps8640.c
+++ b/drivers/gpu/drm/bridge/parade-ps8640.c
@@ -434,8 +434,6 @@ static void ps8640_post_disable(struct drm_bridge *bridge)
{
struct ps8640 *ps_bridge = bridge_to_ps8640(bridge);
- ps_bridge->pre_enabled = false;
-
ps8640_bridge_vdo_control(ps_bridge, DISABLE);
pm_runtime_put_sync_suspend(&ps_bridge->page[PAGE0_DP_CNTL]->dev);
}
@@ -487,6 +485,7 @@ static void ps8640_bridge_detach(struct drm_bridge *bridge)
drm_dp_aux_unregister(&ps_bridge->aux);
if (ps_bridge->link)
device_link_del(ps_bridge->link);
+ ps_bridge->pre_enabled = false;
}
static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
@@ -508,7 +507,8 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
* EDID, for this chip, we need to do a full poweron, otherwise it will
* fail.
*/
- drm_bridge_chain_pre_enable(bridge);
+ if (poweroff)
+ drm_bridge_chain_pre_enable(bridge);
edid = drm_get_edid(connector,
ps_bridge->page[PAGE0_DP_CNTL]->adapter);
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: "Ricardo Cañuelo" <ricardo.canuelo@collabora.com>
To: dri-devel@lists.freedesktop.org
Cc: "Ricardo Cañuelo" <ricardo.canuelo@collabora.com>,
linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org,
kernel@collabora.com, andrzej.hajda@intel.com,
narmstrong@baylibre.com, maarten.lankhorst@linux.intel.com,
mripard@kernel.org
Subject: [PATCH 1/2] drm/bridge: parade-ps8640: avoid race condition on driver unbinding
Date: Fri, 25 Feb 2022 14:45:03 +0100 [thread overview]
Message-ID: <20220225134504.457245-2-ricardo.canuelo@collabora.com> (raw)
In-Reply-To: <20220225134504.457245-1-ricardo.canuelo@collabora.com>
When unbinding a DRM master driver there's a race condition that
sometimes results in an invalid vm access when userspace (gnome-shell)
issues a DRM_IOCTL_MODE_GETCONNECTOR ioctl right after a bridge has been
removed from an encoder's bridge chain.
This means that once a bridge has been disabled and gone through
ps8640_post_disable(), if ps8640_bridge_get_edid() runs afterwards as a
result of that ioctl call it will call drm_bridge_chain_pre_enable()
and drm_bridge_chain_post_disable() again in a bridge that has been
already detached.
Setting `ps_bridge->pre_enabled = false` at a later stage of the
bringdown path and calling drm_bridge_chain_pre_enable() inside
ps8640_bridge_get_edid() only if needed avoid this, although a proper
subsystem-wide fix would be the proper solution, since the same type of
race conditions might happen somewhere else.
Tested on an Acer Chromebook R13 (Elm, MT8173) with Debian Sid.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
---
drivers/gpu/drm/bridge/parade-ps8640.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c
index 3f17337ee389..a927787a89bf 100644
--- a/drivers/gpu/drm/bridge/parade-ps8640.c
+++ b/drivers/gpu/drm/bridge/parade-ps8640.c
@@ -434,8 +434,6 @@ static void ps8640_post_disable(struct drm_bridge *bridge)
{
struct ps8640 *ps_bridge = bridge_to_ps8640(bridge);
- ps_bridge->pre_enabled = false;
-
ps8640_bridge_vdo_control(ps_bridge, DISABLE);
pm_runtime_put_sync_suspend(&ps_bridge->page[PAGE0_DP_CNTL]->dev);
}
@@ -487,6 +485,7 @@ static void ps8640_bridge_detach(struct drm_bridge *bridge)
drm_dp_aux_unregister(&ps_bridge->aux);
if (ps_bridge->link)
device_link_del(ps_bridge->link);
+ ps_bridge->pre_enabled = false;
}
static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
@@ -508,7 +507,8 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge,
* EDID, for this chip, we need to do a full poweron, otherwise it will
* fail.
*/
- drm_bridge_chain_pre_enable(bridge);
+ if (poweroff)
+ drm_bridge_chain_pre_enable(bridge);
edid = drm_get_edid(connector,
ps_bridge->page[PAGE0_DP_CNTL]->adapter);
--
2.25.1
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
next prev parent reply other threads:[~2022-02-25 13:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-25 13:45 [PATCH 0/2] Mitigate race condition problems when unbinding DRM driver Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo [this message]
2022-02-25 13:45 ` [PATCH 1/2] drm/bridge: parade-ps8640: avoid race condition on driver unbinding Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo
2022-02-25 13:45 ` [PATCH 2/2] drm/bridge: Add extra checks in pre_enable and post_enable Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo
2022-02-25 13:45 ` Ricardo Cañuelo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220225134504.457245-2-ricardo.canuelo@collabora.com \
--to=ricardo.canuelo@collabora.com \
--cc=andrzej.hajda@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=kernel@collabora.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=narmstrong@baylibre.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.