1. Patchew
  2. linux
  3. View series

[PATCH] drm/mediatek: fix device leaks at bind

Johan Hovold posted 1 patch 2 months, 2 weeks ago 
drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] drm/mediatek: fix device leaks at bind
Posted by Johan Hovold 2 months, 2 weeks ago 
Make sure to drop the references to the sibling platform devices and
their child drm devices taken by of_find_device_by_node() and
device_find_child() when initialising the driver data during bind().

Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
Cc: stable@vger.kernel.org	# 6.4
Cc: Nancy.Lin <nancy.lin@mediatek.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
index 7c0c12dde488..33b83576af7e 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
@@ -395,10 +395,12 @@ static bool mtk_drm_get_all_drm_priv(struct device *dev)
 			continue;
 
 		drm_dev = device_find_child(&pdev->dev, NULL, mtk_drm_match);
+		put_device(&pdev->dev);
 		if (!drm_dev)
 			continue;
 
 		temp_drm_priv = dev_get_drvdata(drm_dev);
+		put_device(drm_dev);
 		if (!temp_drm_priv)
 			continue;
 
-- 
2.49.1
Re: [PATCH] drm/mediatek: fix device leaks at bind
Posted by CK Hu (胡俊光) 2 months ago 
On Tue, 2025-07-22 at 11:27 +0200, Johan Hovold wrote:
> External email : Please do not click links or open attachments until you have verified the sender or the content.
> 
> 
> Make sure to drop the references to the sibling platform devices and
> their child drm devices taken by of_find_device_by_node() and
> device_find_child() when initialising the driver data during bind().

Reviewed-by: CK Hu <ck.hu@mediatek.com>

> 
> Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
> Cc: stable@vger.kernel.org      # 6.4
> Cc: Nancy.Lin <nancy.lin@mediatek.com>
> Signed-off-by: Johan Hovold <johan@kernel.org>
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> index 7c0c12dde488..33b83576af7e 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> @@ -395,10 +395,12 @@ static bool mtk_drm_get_all_drm_priv(struct device *dev)
>                         continue;
> 
>                 drm_dev = device_find_child(&pdev->dev, NULL, mtk_drm_match);
> +               put_device(&pdev->dev);
>                 if (!drm_dev)
>                         continue;
> 
>                 temp_drm_priv = dev_get_drvdata(drm_dev);
> +               put_device(drm_dev);
>                 if (!temp_drm_priv)
>                         continue;
> 
> --
> 2.49.1
>
Re: [PATCH] drm/mediatek: fix device leaks at bind
Posted by Johan Hovold 1 month, 1 week ago 
On Tue, Jul 22, 2025 at 11:27:22AM +0200, Johan Hovold wrote:
> Make sure to drop the references to the sibling platform devices and
> their child drm devices taken by of_find_device_by_node() and
> device_find_child() when initialising the driver data during bind().
> 
> Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
> Cc: stable@vger.kernel.org	# 6.4
> Cc: Nancy.Lin <nancy.lin@mediatek.com>
> Signed-off-by: Johan Hovold <johan@kernel.org>

Can this one be picked up?

Johan
Re: [PATCH] drm/mediatek: fix device leaks at bind
Posted by Chun-Kuang Hu 1 month, 1 week ago 
Hi, Johan:

Johan Hovold <johan@kernel.org> 於 2025年8月27日 週三 下午5:51寫道:
>
> On Tue, Jul 22, 2025 at 11:27:22AM +0200, Johan Hovold wrote:
> > Make sure to drop the references to the sibling platform devices and
> > their child drm devices taken by of_find_device_by_node() and
> > device_find_child() when initialising the driver data during bind().
> >
> > Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
> > Cc: stable@vger.kernel.org    # 6.4
> > Cc: Nancy.Lin <nancy.lin@mediatek.com>
> > Signed-off-by: Johan Hovold <johan@kernel.org>
>
> Can this one be picked up?

Ma Ke has sent a similar patch [1] before you. And that patch fix more things.
I've already pick up the final version [2].

[1] https://patchwork.kernel.org/project/dri-devel/patch/20250718033226.3390054-1-make24@iscas.ac.cn/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/commit/?h=mediatek-drm-fixes-20250825&id=1f403699c40f0806a707a9a6eed3b8904224021a

Regards,
Chun-Kuang.

>
> Johan
Re: [PATCH] drm/mediatek: fix device leaks at bind
Posted by Johan Hovold 1 month, 1 week ago 
On Fri, Aug 29, 2025 at 07:51:23AM +0800, Chun-Kuang Hu wrote:
> Johan Hovold <johan@kernel.org> 於 2025年8月27日 週三 下午5:51寫道:

> > On Tue, Jul 22, 2025 at 11:27:22AM +0200, Johan Hovold wrote:
> > > Make sure to drop the references to the sibling platform devices and
> > > their child drm devices taken by of_find_device_by_node() and
> > > device_find_child() when initialising the driver data during bind().
> > >
> > > Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
> > > Cc: stable@vger.kernel.org    # 6.4
> > > Cc: Nancy.Lin <nancy.lin@mediatek.com>
> > > Signed-off-by: Johan Hovold <johan@kernel.org>
> >
> > Can this one be picked up?
> 
> Ma Ke has sent a similar patch [1] before you. And that patch fix more things.
> I've already pick up the final version [2].
> 
> [1] https://patchwork.kernel.org/project/dri-devel/patch/20250718033226.3390054-1-make24@iscas.ac.cn/
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/commit/?h=mediatek-drm-fixes-20250825&id=1f403699c40f0806a707a9a6eed3b8904224021a

I'm afraid that patch is completely broken and introduces a potential
use-after-free by adding a bogus decrement of the OF node refcount.

I suggest you drop that one and pick up mine instead which is correct
and cleaner.

Johan
Re: [PATCH] drm/mediatek: fix device leaks at bind
Posted by Johan Hovold 1 month, 1 week ago 
On Fri, Aug 29, 2025 at 09:49:07AM +0200, Johan Hovold wrote:
> On Fri, Aug 29, 2025 at 07:51:23AM +0800, Chun-Kuang Hu wrote:
> > Johan Hovold <johan@kernel.org> 於 2025年8月27日 週三 下午5:51寫道:
> 
> > > On Tue, Jul 22, 2025 at 11:27:22AM +0200, Johan Hovold wrote:
> > > > Make sure to drop the references to the sibling platform devices and
> > > > their child drm devices taken by of_find_device_by_node() and
> > > > device_find_child() when initialising the driver data during bind().
> > > >
> > > > Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
> > > > Cc: stable@vger.kernel.org    # 6.4
> > > > Cc: Nancy.Lin <nancy.lin@mediatek.com>
> > > > Signed-off-by: Johan Hovold <johan@kernel.org>
> > >
> > > Can this one be picked up?
> > 
> > Ma Ke has sent a similar patch [1] before you. And that patch fix more things.
> > I've already pick up the final version [2].
> > 
> > [1] https://patchwork.kernel.org/project/dri-devel/patch/20250718033226.3390054-1-make24@iscas.ac.cn/
> > [2] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/commit/?h=mediatek-drm-fixes-20250825&id=1f403699c40f0806a707a9a6eed3b8904224021a
> 
> I'm afraid that patch is completely broken and introduces a potential
> use-after-free by adding a bogus decrement of the OF node refcount.
> 
> I suggest you drop that one and pick up mine instead which is correct
> and cleaner.

I see now that that patch was included in a drm pull request for rc4.
I'll send an incremental fix instead.

Johan

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.