| Message ID | 20211102084628.149070-1-heying24@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [-V2] drm/sun4i: Grab reference of connector before return connector from sun4i_tcon_get_connector | expand |
Hi, On Tue, Nov 02, 2021 at 04:46:28AM -0400, He Ying wrote: > From the comments of drm_for_each_connector_iter(), we know > that "connector is only valid within the list body, if you > want to use connector after calling drm_connector_list_iter_end() > then you need to grab your own reference first using > drm_connector_get()". So fix the wrong use of connector > according to the comments and then call drm_connector_put() > after using connector finishes. > > Signed-off-by: He Ying <heying24@huawei.com> > --- > > V2: > Use proper subject prefix > > drivers/gpu/drm/sun4i/sun4i_tcon.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c > index 9f06dec0fc61..24fa6784ee5f 100644 > --- a/drivers/gpu/drm/sun4i/sun4i_tcon.c > +++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c > @@ -47,12 +47,12 @@ static struct drm_connector *sun4i_tcon_get_connector(const struct drm_encoder * > drm_connector_list_iter_begin(encoder->dev, &iter); > drm_for_each_connector_iter(connector, &iter) > if (connector->encoder == encoder) { > - drm_connector_list_iter_end(&iter); > - return connector; > + drm_connector_get(connector); > + break; > } > drm_connector_list_iter_end(&iter); > > - return NULL; > + return connector; Connector might be uninitialized if we don't find one here > } > > static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) > @@ -65,6 +65,7 @@ static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) > return -EINVAL; > > info = &connector->display_info; > + drm_connector_put(connector); > if (info->num_bus_formats != 1) We're still accessing connector->display_info here, but it might have been freed already. Maxime
在 2021/11/2 23:03, Maxime Ripard 写道: > Hi, > > On Tue, Nov 02, 2021 at 04:46:28AM -0400, He Ying wrote: >> From the comments of drm_for_each_connector_iter(), we know >> that "connector is only valid within the list body, if you >> want to use connector after calling drm_connector_list_iter_end() >> then you need to grab your own reference first using >> drm_connector_get()". So fix the wrong use of connector >> according to the comments and then call drm_connector_put() >> after using connector finishes. >> >> Signed-off-by: He Ying <heying24@huawei.com> >> --- >> >> V2: >> Use proper subject prefix >> >> drivers/gpu/drm/sun4i/sun4i_tcon.c | 18 +++++++++++++----- >> 1 file changed, 13 insertions(+), 5 deletions(-) >> >> diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c >> index 9f06dec0fc61..24fa6784ee5f 100644 >> --- a/drivers/gpu/drm/sun4i/sun4i_tcon.c >> +++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c >> @@ -47,12 +47,12 @@ static struct drm_connector *sun4i_tcon_get_connector(const struct drm_encoder * >> drm_connector_list_iter_begin(encoder->dev, &iter); >> drm_for_each_connector_iter(connector, &iter) >> if (connector->encoder == encoder) { >> - drm_connector_list_iter_end(&iter); >> - return connector; >> + drm_connector_get(connector); >> + break; >> } >> drm_connector_list_iter_end(&iter); >> >> - return NULL; >> + return connector; > Connector might be uninitialized if we don't find one here Connector should be NULL if we don't find one. The code is #define drm_for_each_connector_iter(connector, iter) \ while ((connector = drm_connector_list_iter_next(iter))) So, when we don't break from the while body, connector can only be NULL. > >> } >> >> static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) >> @@ -65,6 +65,7 @@ static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) >> return -EINVAL; >> >> info = &connector->display_info; >> + drm_connector_put(connector); >> if (info->num_bus_formats != 1) > We're still accessing connector->display_info here, but it might have been > freed already. Agree. I'll place it after using 'info' finishes in v3. > > Maxime
diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c index 9f06dec0fc61..24fa6784ee5f 100644 --- a/drivers/gpu/drm/sun4i/sun4i_tcon.c +++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c @@ -47,12 +47,12 @@ static struct drm_connector *sun4i_tcon_get_connector(const struct drm_encoder * drm_connector_list_iter_begin(encoder->dev, &iter); drm_for_each_connector_iter(connector, &iter) if (connector->encoder == encoder) { - drm_connector_list_iter_end(&iter); - return connector; + drm_connector_get(connector); + break; } drm_connector_list_iter_end(&iter); - return NULL; + return connector; } static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) @@ -65,6 +65,7 @@ static int sun4i_tcon_get_pixel_depth(const struct drm_encoder *encoder) return -EINVAL; info = &connector->display_info; + drm_connector_put(connector); if (info->num_bus_formats != 1) return -EINVAL; @@ -361,6 +362,7 @@ static void sun4i_tcon0_mode_set_cpu(struct sun4i_tcon *tcon, /* TODO support normal CPU interface modes */ struct sun6i_dsi *dsi = encoder_to_sun6i_dsi(encoder); struct mipi_dsi_device *device = dsi->device; + struct drm_connector *connector; u8 bpp = mipi_dsi_pixel_format_to_bpp(device->format); u8 lanes = device->lanes; u32 block_space, start_delay; @@ -372,7 +374,9 @@ static void sun4i_tcon0_mode_set_cpu(struct sun4i_tcon *tcon, sun4i_tcon0_mode_set_common(tcon, mode); /* Set dithering if needed */ - sun4i_tcon0_mode_set_dithering(tcon, sun4i_tcon_get_connector(encoder)); + connector = sun4i_tcon_get_connector(encoder); + sun4i_tcon0_mode_set_dithering(tcon, connector); + drm_connector_put(connector); regmap_update_bits(tcon->regs, SUN4I_TCON0_CTL_REG, SUN4I_TCON0_CTL_IF_MASK, @@ -430,6 +434,7 @@ static void sun4i_tcon0_mode_set_lvds(struct sun4i_tcon *tcon, const struct drm_display_mode *mode) { unsigned int bp; + struct drm_connector *connector; u8 clk_delay; u32 reg, val = 0; @@ -440,7 +445,9 @@ static void sun4i_tcon0_mode_set_lvds(struct sun4i_tcon *tcon, sun4i_tcon0_mode_set_common(tcon, mode); /* Set dithering if needed */ - sun4i_tcon0_mode_set_dithering(tcon, sun4i_tcon_get_connector(encoder)); + connector = sun4i_tcon_get_connector(encoder); + sun4i_tcon0_mode_set_dithering(tcon, connector); + drm_connector_put(connector); /* Adjust clock delay */ clk_delay = sun4i_tcon_get_clk_delay(mode, 0); @@ -518,6 +525,7 @@ static void sun4i_tcon0_mode_set_rgb(struct sun4i_tcon *tcon, /* Set dithering if needed */ sun4i_tcon0_mode_set_dithering(tcon, connector); + drm_connector_put(connector); /* Adjust clock delay */ clk_delay = sun4i_tcon_get_clk_delay(mode, 0);
From the comments of drm_for_each_connector_iter(), we know that "connector is only valid within the list body, if you want to use connector after calling drm_connector_list_iter_end() then you need to grab your own reference first using drm_connector_get()". So fix the wrong use of connector according to the comments and then call drm_connector_put() after using connector finishes. Signed-off-by: He Ying <heying24@huawei.com> --- V2: Use proper subject prefix drivers/gpu/drm/sun4i/sun4i_tcon.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)