Message ID | 20220510122726.v3.3.Iba4b9bf6c7a1ee5ea2835ad7bd5eaf84d7688520@changeid |
---|---|
State | Accepted |
Commit | 50e156bd8a9d0910ac4bae5fcff00ddb798db967 |
Headers | show |
Series | drm/dp: Make DP AUX bus usage easier; use it on ps8640 | expand |
Hi, On Tue, May 10, 2022 at 5:22 PM Dmitry Baryshkov <dmitry.baryshkov@linaro.org> wrote: > > On Tue, 10 May 2022 at 22:30, Douglas Anderson <dianders@chromium.org> wrote: > > > > This adds a devm managed version of drm_bridge_add(). Like other > > "devm" function listed in drm_bridge.h, this function takes an > > explicit "dev" to use for the lifetime management. A few notes: > > * In general we have a "struct device" for bridges that makes a good > > candidate for where the lifetime matches exactly what we want. > > * The "bridge->dev->dev" device appears to be the encoder > > device. That's not the right device to use for lifetime management. > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Thanks for the review! For now I'll hold off on landing this until sometime has time to review the other patches in the series. While not technically required, it seems weird to add the devm function without any callers. -Doug
Hi, On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > This adds a devm managed version of drm_bridge_add(). Like other > "devm" function listed in drm_bridge.h, this function takes an > explicit "dev" to use for the lifetime management. A few notes: > * In general we have a "struct device" for bridges that makes a good > candidate for where the lifetime matches exactly what we want. > * The "bridge->dev->dev" device appears to be the encoder > device. That's not the right device to use for lifetime management. > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > Signed-off-by: Douglas Anderson <dianders@chromium.org> If we are to introduce more managed helpers, I think it'd be wiser to introduce them as DRM-managed, and not device managed. Otherwise, you'll end up in a weird state when a device has been removed but the DRM device is still around. Maxime
Hi, On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > Hi, > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > This adds a devm managed version of drm_bridge_add(). Like other > > "devm" function listed in drm_bridge.h, this function takes an > > explicit "dev" to use for the lifetime management. A few notes: > > * In general we have a "struct device" for bridges that makes a good > > candidate for where the lifetime matches exactly what we want. > > * The "bridge->dev->dev" device appears to be the encoder > > device. That's not the right device to use for lifetime management. > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > If we are to introduce more managed helpers, I think it'd be wiser to > introduce them as DRM-managed, and not device managed. > > Otherwise, you'll end up in a weird state when a device has been removed > but the DRM device is still around. I'm kinda confused. In this case there is no DRM device for the bridge and, as per my CL description, "bridge-dev->dev" appears to be the encoder device. I wasn't personally involved in discussions about it, but I was under the impression that this was expected / normal. Thus we can't make this DRM-managed. -Doug
Maxime, On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > Hi, > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > Hi, > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > This adds a devm managed version of drm_bridge_add(). Like other > > > "devm" function listed in drm_bridge.h, this function takes an > > > explicit "dev" to use for the lifetime management. A few notes: > > > * In general we have a "struct device" for bridges that makes a good > > > candidate for where the lifetime matches exactly what we want. > > > * The "bridge->dev->dev" device appears to be the encoder > > > device. That's not the right device to use for lifetime management. > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > introduce them as DRM-managed, and not device managed. > > > > Otherwise, you'll end up in a weird state when a device has been removed > > but the DRM device is still around. > > I'm kinda confused. In this case there is no DRM device for the bridge > and, as per my CL description, "bridge-dev->dev" appears to be the > encoder device. I wasn't personally involved in discussions about it, > but I was under the impression that this was expected / normal. Thus > we can't make this DRM-managed. Since I didn't hear a reply, I'll assume that my response addressed your concerns. Assuming I get reviews for the other two patches in this series I'll plan to land this with Dmitry's review. -Doug
On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > * In general we have a "struct device" for bridges that makes a good > > > > candidate for where the lifetime matches exactly what we want. > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > device. That's not the right device to use for lifetime management. > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > introduce them as DRM-managed, and not device managed. > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > but the DRM device is still around. > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > and, as per my CL description, "bridge-dev->dev" appears to be the > > encoder device. I wasn't personally involved in discussions about it, > > but I was under the impression that this was expected / normal. Thus > > we can't make this DRM-managed. > > Since I didn't hear a reply, Gah, I replied but it looks like somehow it never reached the ML... Here was my original reply: > > > This adds a devm managed version of drm_bridge_add(). Like other > > > "devm" function listed in drm_bridge.h, this function takes an > > > explicit "dev" to use for the lifetime management. A few notes: > > > * In general we have a "struct device" for bridges that makes a good > > > candidate for where the lifetime matches exactly what we want. > > > * The "bridge->dev->dev" device appears to be the encoder > > > device. That's not the right device to use for lifetime management. > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > introduce them as DRM-managed, and not device managed. > > > > Otherwise, you'll end up in a weird state when a device has been removed > > but the DRM device is still around. >=20 > I'm kinda confused. In this case there is no DRM device for the bridge > and, as per my CL description, "bridge-dev->dev" appears to be the > encoder device. bridge->dev seems right though? > I wasn't personally involved in discussions about it, but I was under > the impression that this was expected / normal. Thus we can't make > this DRM-managed. Still, I don't think devm is the right solution to this either. The underlying issue is two-fold: - Encoders can have a pointer to a bridge through of_drm_find_bridge or similar. However, bridges are traditionally tied to their device lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove in remove). Encoders will typically be tied to the DRM device however, and that one sticks around until the last application closes it. We can thus very easily end up with a dangling pointer, and a use-after-free. - It's not the case yet, but it doesn't seem far fetch to expose properties of bridges to the userspace. In that case, the userspace would be likely to still hold references to objects that aren't there anymore when the bridge is gone. The first is obviously a larger concern, but if we can find a solution that would accomodate the second it would be great. As far as I can see, we should fix in two steps: - in drm_bridge_attach, we should add a device-managed call that will unregister the main DRM device. We don't allow to probe the main DRM device when the bridge isn't there yet in most case, so it makes sense to remove it once the bridge is no longer there as well. - When the DRM device is removed, have the core cleanup any bridge registered. That will remove the need to have drm_bridge_remove in the first place. > I'll assume that my response addressed your concerns. Assuming I get > reviews for the other two patches in this series I'll plan to land > this with Dmitry's review. I still don't think it's a good idea to merge it. It gives an illusion of being safe, but it's really far from it. Maxime
On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > candidate for where the lifetime matches exactly what we want. > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > but the DRM device is still around. > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > encoder device. I wasn't personally involved in discussions about it, > > > but I was under the impression that this was expected / normal. Thus > > > we can't make this DRM-managed. > > > > Since I didn't hear a reply, > > Gah, I replied but it looks like somehow it never reached the ML... > > Here was my original reply: > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > * In general we have a "struct device" for bridges that makes a good > > > > candidate for where the lifetime matches exactly what we want. > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > device. That's not the right device to use for lifetime management. > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > introduce them as DRM-managed, and not device managed. > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > but the DRM device is still around. > >=20 > > I'm kinda confused. In this case there is no DRM device for the bridge > > and, as per my CL description, "bridge-dev->dev" appears to be the > > encoder device. > > bridge->dev seems right though? > > > I wasn't personally involved in discussions about it, but I was under > > the impression that this was expected / normal. Thus we can't make > > this DRM-managed. > > Still, I don't think devm is the right solution to this either. > > The underlying issue is two-fold: > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > or similar. However, bridges are traditionally tied to their device > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > in remove). Encoders will typically be tied to the DRM device > however, and that one sticks around until the last application > closes it. We can thus very easily end up with a dangling pointer, > and a use-after-free. > > - It's not the case yet, but it doesn't seem far fetch to expose > properties of bridges to the userspace. In that case, the userspace > would be likely to still hold references to objects that aren't > there anymore when the bridge is gone. > > The first is obviously a larger concern, but if we can find a solution > that would accomodate the second it would be great. > > As far as I can see, we should fix in two steps: > > - in drm_bridge_attach, we should add a device-managed call that will > unregister the main DRM device. We don't allow to probe the main DRM > device when the bridge isn't there yet in most case, so it makes > sense to remove it once the bridge is no longer there as well. The problem is that I do not see a good way to unregister the main DRM device outside of it's driver code. > > - When the DRM device is removed, have the core cleanup any bridge > registered. That will remove the need to have drm_bridge_remove in > the first place. > > > I'll assume that my response addressed your concerns. Assuming I get > > reviews for the other two patches in this series I'll plan to land > > this with Dmitry's review. > > I still don't think it's a good idea to merge it. It gives an illusion > of being safe, but it's really far from it. It is more of removing the boilerplate code spread over all the drivers rather than about particular safety. I'd propose to land devm_drm_bridge_add (and deprecate calling drm_bridge_remove from the bridge driver at some point) and work on the whole drm_device <-> drm_bridge problem in the meantime.
Hi, On Fri, Jun 3, 2022 at 3:19 AM Dmitry Baryshkov <dmitry.baryshkov@linaro.org> wrote: > > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > but the DRM device is still around. > > > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > encoder device. I wasn't personally involved in discussions about it, > > > > but I was under the impression that this was expected / normal. Thus > > > > we can't make this DRM-managed. > > > > > > Since I didn't hear a reply, > > > > Gah, I replied but it looks like somehow it never reached the ML... > > > > Here was my original reply: > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > candidate for where the lifetime matches exactly what we want. > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > but the DRM device is still around. > > >=20 > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > encoder device. > > > > bridge->dev seems right though? > > > > > I wasn't personally involved in discussions about it, but I was under > > > the impression that this was expected / normal. Thus we can't make > > > this DRM-managed. > > > > Still, I don't think devm is the right solution to this either. > > > > The underlying issue is two-fold: > > > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > > or similar. However, bridges are traditionally tied to their device > > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > > in remove). Encoders will typically be tied to the DRM device > > however, and that one sticks around until the last application > > closes it. We can thus very easily end up with a dangling pointer, > > and a use-after-free. > > > > - It's not the case yet, but it doesn't seem far fetch to expose > > properties of bridges to the userspace. In that case, the userspace > > would be likely to still hold references to objects that aren't > > there anymore when the bridge is gone. > > > > The first is obviously a larger concern, but if we can find a solution > > that would accomodate the second it would be great. > > > > As far as I can see, we should fix in two steps: > > > > - in drm_bridge_attach, we should add a device-managed call that will > > unregister the main DRM device. We don't allow to probe the main DRM > > device when the bridge isn't there yet in most case, so it makes > > sense to remove it once the bridge is no longer there as well. > > The problem is that I do not see a good way to unregister the main DRM > device outside of it's driver code. > > > > > - When the DRM device is removed, have the core cleanup any bridge > > registered. That will remove the need to have drm_bridge_remove in > > the first place. > > > > > I'll assume that my response addressed your concerns. Assuming I get > > > reviews for the other two patches in this series I'll plan to land > > > this with Dmitry's review. > > > > I still don't think it's a good idea to merge it. It gives an illusion > > of being safe, but it's really far from it. > > It is more of removing the boilerplate code spread over all the > drivers rather than about particular safety. > > I'd propose to land devm_drm_bridge_add (and deprecate calling > drm_bridge_remove from the bridge driver at some point) and work on > the whole drm_device <-> drm_bridge problem in the meantime. At this point it has been landed in drm-misc-next as per my response to the cover letter. If need be we can revert it and rework the ps8640 driver to stop using it but it wouldn't change the lifetime of the bridge. I'm not going to rework the bridge lifetime rules here. If nothing else it seems like having the devm function at least would make it obvious which drivers need to be fixed whenever the bridge lifetime problem gets solved. -Doug
On Fri, Jun 03, 2022 at 01:19:16PM +0300, Dmitry Baryshkov wrote: > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > but the DRM device is still around. > > > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > encoder device. I wasn't personally involved in discussions about it, > > > > but I was under the impression that this was expected / normal. Thus > > > > we can't make this DRM-managed. > > > > > > Since I didn't hear a reply, > > > > Gah, I replied but it looks like somehow it never reached the ML... > > > > Here was my original reply: > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > candidate for where the lifetime matches exactly what we want. > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > but the DRM device is still around. > > >=20 > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > encoder device. > > > > bridge->dev seems right though? > > > > > I wasn't personally involved in discussions about it, but I was under > > > the impression that this was expected / normal. Thus we can't make > > > this DRM-managed. > > > > Still, I don't think devm is the right solution to this either. > > > > The underlying issue is two-fold: > > > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > > or similar. However, bridges are traditionally tied to their device > > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > > in remove). Encoders will typically be tied to the DRM device > > however, and that one sticks around until the last application > > closes it. We can thus very easily end up with a dangling pointer, > > and a use-after-free. > > > > - It's not the case yet, but it doesn't seem far fetch to expose > > properties of bridges to the userspace. In that case, the userspace > > would be likely to still hold references to objects that aren't > > there anymore when the bridge is gone. > > > > The first is obviously a larger concern, but if we can find a solution > > that would accomodate the second it would be great. > > > > As far as I can see, we should fix in two steps: > > > > - in drm_bridge_attach, we should add a device-managed call that will > > unregister the main DRM device. We don't allow to probe the main DRM > > device when the bridge isn't there yet in most case, so it makes > > sense to remove it once the bridge is no longer there as well. > > The problem is that I do not see a good way to unregister the main DRM > device outside of it's driver code. That's what drmm helpers are doing though: they'll defer the cleanup until the last user has closed its fd. > > - When the DRM device is removed, have the core cleanup any bridge > > registered. That will remove the need to have drm_bridge_remove in > > the first place. > > > > > I'll assume that my response addressed your concerns. Assuming I get > > > reviews for the other two patches in this series I'll plan to land > > > this with Dmitry's review. > > > > I still don't think it's a good idea to merge it. It gives an illusion > > of being safe, but it's really far from it. > > It is more of removing the boilerplate code spread over all the > drivers rather than about particular safety. > > I'd propose to land devm_drm_bridge_add (and deprecate calling > drm_bridge_remove from the bridge driver at some point) and work on > the whole drm_device <-> drm_bridge problem in the meantime. Do you really expect that to happen? :) Anyway, it's been merged, it's too late now anyway. I don't really feel like it's a good thing, but it doesn't really make the situation worse either. Maxime
On Fri, Jun 03, 2022 at 06:52:05AM -0700, Doug Anderson wrote: > On Fri, Jun 3, 2022 at 3:19 AM Dmitry Baryshkov > <dmitry.baryshkov@linaro.org> wrote: > > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > > but the DRM device is still around. > > > > > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > > encoder device. I wasn't personally involved in discussions about it, > > > > > but I was under the impression that this was expected / normal. Thus > > > > > we can't make this DRM-managed. > > > > > > > > Since I didn't hear a reply, > > > > > > Gah, I replied but it looks like somehow it never reached the ML... > > > > > > Here was my original reply: > > > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > but the DRM device is still around. > > > >=20 > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > encoder device. > > > > > > bridge->dev seems right though? > > > > > > > I wasn't personally involved in discussions about it, but I was under > > > > the impression that this was expected / normal. Thus we can't make > > > > this DRM-managed. > > > > > > Still, I don't think devm is the right solution to this either. > > > > > > The underlying issue is two-fold: > > > > > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > > > or similar. However, bridges are traditionally tied to their device > > > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > > > in remove). Encoders will typically be tied to the DRM device > > > however, and that one sticks around until the last application > > > closes it. We can thus very easily end up with a dangling pointer, > > > and a use-after-free. > > > > > > - It's not the case yet, but it doesn't seem far fetch to expose > > > properties of bridges to the userspace. In that case, the userspace > > > would be likely to still hold references to objects that aren't > > > there anymore when the bridge is gone. > > > > > > The first is obviously a larger concern, but if we can find a solution > > > that would accomodate the second it would be great. > > > > > > As far as I can see, we should fix in two steps: > > > > > > - in drm_bridge_attach, we should add a device-managed call that will > > > unregister the main DRM device. We don't allow to probe the main DRM > > > device when the bridge isn't there yet in most case, so it makes > > > sense to remove it once the bridge is no longer there as well. > > > > The problem is that I do not see a good way to unregister the main DRM > > device outside of it's driver code. > > > > > > > > - When the DRM device is removed, have the core cleanup any bridge > > > registered. That will remove the need to have drm_bridge_remove in > > > the first place. > > > > > > > I'll assume that my response addressed your concerns. Assuming I get > > > > reviews for the other two patches in this series I'll plan to land > > > > this with Dmitry's review. > > > > > > I still don't think it's a good idea to merge it. It gives an illusion > > > of being safe, but it's really far from it. > > > > It is more of removing the boilerplate code spread over all the > > drivers rather than about particular safety. > > > > I'd propose to land devm_drm_bridge_add (and deprecate calling > > drm_bridge_remove from the bridge driver at some point) and work on > > the whole drm_device <-> drm_bridge problem in the meantime. > > At this point it has been landed in drm-misc-next as per my response > to the cover letter. If need be we can revert it and rework the ps8640 > driver to stop using it but it wouldn't change the lifetime of the > bridge. I'm not going to rework the bridge lifetime rules here. If > nothing else it seems like having the devm function at least would > make it obvious which drivers need to be fixed whenever the bridge > lifetime problem gets solved. Not really, no. The issue exists whether or not the driver would be using devm. Anyway, what's done is done. Could you please ping earlier than a few minutes before applying the patch next time though? We could have easily prevented that situation. Maxime
Hi, On Fri, Jun 3, 2022 at 7:14 AM Maxime Ripard <maxime@cerno.tech> wrote: > > On Fri, Jun 03, 2022 at 01:19:16PM +0300, Dmitry Baryshkov wrote: > > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > > but the DRM device is still around. > > > > > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > > encoder device. I wasn't personally involved in discussions about it, > > > > > but I was under the impression that this was expected / normal. Thus > > > > > we can't make this DRM-managed. > > > > > > > > Since I didn't hear a reply, > > > > > > Gah, I replied but it looks like somehow it never reached the ML... > > > > > > Here was my original reply: > > > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > but the DRM device is still around. > > > >=20 > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > encoder device. > > > > > > bridge->dev seems right though? > > > > > > > I wasn't personally involved in discussions about it, but I was under > > > > the impression that this was expected / normal. Thus we can't make > > > > this DRM-managed. > > > > > > Still, I don't think devm is the right solution to this either. > > > > > > The underlying issue is two-fold: > > > > > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > > > or similar. However, bridges are traditionally tied to their device > > > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > > > in remove). Encoders will typically be tied to the DRM device > > > however, and that one sticks around until the last application > > > closes it. We can thus very easily end up with a dangling pointer, > > > and a use-after-free. > > > > > > - It's not the case yet, but it doesn't seem far fetch to expose > > > properties of bridges to the userspace. In that case, the userspace > > > would be likely to still hold references to objects that aren't > > > there anymore when the bridge is gone. > > > > > > The first is obviously a larger concern, but if we can find a solution > > > that would accomodate the second it would be great. > > > > > > As far as I can see, we should fix in two steps: > > > > > > - in drm_bridge_attach, we should add a device-managed call that will > > > unregister the main DRM device. We don't allow to probe the main DRM > > > device when the bridge isn't there yet in most case, so it makes > > > sense to remove it once the bridge is no longer there as well. > > > > The problem is that I do not see a good way to unregister the main DRM > > device outside of it's driver code. > > That's what drmm helpers are doing though: they'll defer the cleanup > until the last user has closed its fd. I'm a bit confused here. I'll take the concrete example of ps8640 since that's what I was working on here. ...right now the fact that we're using devm means that drm_bridge_remove() will get called when a ps8640 device is unbound, right? I guess you're saying that the "drm_bridge" memory needs to outlast this, right? That being said, even if the actual memory for drm_bridge outlasts the ps8640 driver lifetime, much of the data would need to be marked invalid I think. If nothing else all function pointers that point into the driver would have to be made NULL, right? Once the device has been unbound it's possible that the underlying module might be removed. I suspect that we'd need to do more than just bogus-up the function pointers, though. ...so it feels like any solution here needs to take into account _both_ the lifetime of the "struct device" and the "struct drm_device". If the "struct device" goes away but the "struct drm_device" is still around then we need to essentially transition the "struct drm_device" over to a dummy, right? In my perhaps naive view that means that a dmm_bridge_add() wouldn't be enough because it wouldn't know when the "struct device" went away. > > > - When the DRM device is removed, have the core cleanup any bridge > > > registered. That will remove the need to have drm_bridge_remove in > > > the first place. > > > > > > > I'll assume that my response addressed your concerns. Assuming I get > > > > reviews for the other two patches in this series I'll plan to land > > > > this with Dmitry's review. > > > > > > I still don't think it's a good idea to merge it. It gives an illusion > > > of being safe, but it's really far from it. > > > > It is more of removing the boilerplate code spread over all the > > drivers rather than about particular safety. > > > > I'd propose to land devm_drm_bridge_add (and deprecate calling > > drm_bridge_remove from the bridge driver at some point) and work on > > the whole drm_device <-> drm_bridge problem in the meantime. > > Do you really expect that to happen? :) > > Anyway, it's been merged, it's too late now anyway. I don't really feel > like it's a good thing, but it doesn't really make the situation worse > either. A revert is really not that hard to do if the consensus is that we really don't want this. -Doug
On Fri, Jun 03, 2022 at 07:56:16AM -0700, Doug Anderson wrote: > Hi, > > On Fri, Jun 3, 2022 at 7:14 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > On Fri, Jun 03, 2022 at 01:19:16PM +0300, Dmitry Baryshkov wrote: > > > On Fri, 3 Jun 2022 at 11:21, Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > > > On Tue, May 31, 2022 at 02:06:34PM -0700, Doug Anderson wrote: > > > > > On Mon, May 23, 2022 at 10:00 AM Doug Anderson <dianders@chromium.org> wrote: > > > > > > On Sat, May 21, 2022 at 2:17 AM Maxime Ripard <maxime@cerno.tech> wrote: > > > > > > > On Tue, May 10, 2022 at 12:29:43PM -0700, Douglas Anderson wrote: > > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > > > but the DRM device is still around. > > > > > > > > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > > > encoder device. I wasn't personally involved in discussions about it, > > > > > > but I was under the impression that this was expected / normal. Thus > > > > > > we can't make this DRM-managed. > > > > > > > > > > Since I didn't hear a reply, > > > > > > > > Gah, I replied but it looks like somehow it never reached the ML... > > > > > > > > Here was my original reply: > > > > > > > > > > > This adds a devm managed version of drm_bridge_add(). Like other > > > > > > > "devm" function listed in drm_bridge.h, this function takes an > > > > > > > explicit "dev" to use for the lifetime management. A few notes: > > > > > > > * In general we have a "struct device" for bridges that makes a good > > > > > > > candidate for where the lifetime matches exactly what we want. > > > > > > > * The "bridge->dev->dev" device appears to be the encoder > > > > > > > device. That's not the right device to use for lifetime management. > > > > > > > > > > > > > > Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > > > > > > > Signed-off-by: Douglas Anderson <dianders@chromium.org> > > > > > > > > > > > > If we are to introduce more managed helpers, I think it'd be wiser to > > > > > > introduce them as DRM-managed, and not device managed. > > > > > > > > > > > > Otherwise, you'll end up in a weird state when a device has been removed > > > > > > but the DRM device is still around. > > > > >=20 > > > > > I'm kinda confused. In this case there is no DRM device for the bridge > > > > > and, as per my CL description, "bridge-dev->dev" appears to be the > > > > > encoder device. > > > > > > > > bridge->dev seems right though? > > > > > > > > > I wasn't personally involved in discussions about it, but I was under > > > > > the impression that this was expected / normal. Thus we can't make > > > > > this DRM-managed. > > > > > > > > Still, I don't think devm is the right solution to this either. > > > > > > > > The underlying issue is two-fold: > > > > > > > > - Encoders can have a pointer to a bridge through of_drm_find_bridge > > > > or similar. However, bridges are traditionally tied to their device > > > > lifetime (by calling drm_bridge_add in probe, and drm_bridge_remove > > > > in remove). Encoders will typically be tied to the DRM device > > > > however, and that one sticks around until the last application > > > > closes it. We can thus very easily end up with a dangling pointer, > > > > and a use-after-free. > > > > > > > > - It's not the case yet, but it doesn't seem far fetch to expose > > > > properties of bridges to the userspace. In that case, the userspace > > > > would be likely to still hold references to objects that aren't > > > > there anymore when the bridge is gone. > > > > > > > > The first is obviously a larger concern, but if we can find a solution > > > > that would accomodate the second it would be great. > > > > > > > > As far as I can see, we should fix in two steps: > > > > > > > > - in drm_bridge_attach, we should add a device-managed call that will > > > > unregister the main DRM device. We don't allow to probe the main DRM > > > > device when the bridge isn't there yet in most case, so it makes > > > > sense to remove it once the bridge is no longer there as well. > > > > > > The problem is that I do not see a good way to unregister the main DRM > > > device outside of it's driver code. > > > > That's what drmm helpers are doing though: they'll defer the cleanup > > until the last user has closed its fd. > > I'm a bit confused here. I'll take the concrete example of ps8640 > since that's what I was working on here. > > ...right now the fact that we're using devm means that > drm_bridge_remove() will get called when a ps8640 device is unbound, > right? Yes > I guess you're saying that the "drm_bridge" memory needs to > outlast this, right? Since drm_bridge isn't exposing anything to userspace, it would mostly be its connector. But they are usually allocated in the same structure, so it's pretty much equivalent here. > That being said, even if the actual memory for drm_bridge outlasts the > ps8640 driver lifetime, much of the data would need to be marked > invalid I think. All the device resources, yes. So things like IO mappings, clocks, reset lines, regulators, etc. > If nothing else all function pointers that point into the driver would > have to be made NULL, right? Once the device has been unbound it's > possible that the underlying module might be removed. I suspect that > we'd need to do more than just bogus-up the function pointers, though. I ... didn't think of the module memory being freed. I don't know the module handling code, but if it's an option we could get a reference to the module memory to make sure the memory stays around until everything has been freed. If we can't, then we could relocate all the functions inside the kernel for the teardown, but I'm sure it's going to be a mess. > ...so it feels like any solution here needs to take into account > _both_ the lifetime of the "struct device" and the "struct > drm_device". If the "struct device" goes away but the "struct > drm_device" is still around then we need to essentially transition the > "struct drm_device" over to a dummy, right? So we want to make sure we won't access the device resources if they aren't there anymore, during the timeframe between the device being unbound and the DRM device being unregistered (which can be arbitrarily long). Fortunately, drm_device->registered is being toggled as soon as we start the unbinding process, and drm_dev_enter()/drm_dev_exit() is there to make sure the device is registered. So we would need to make sure that all device resource access is protected by a call to those functions. It's tedious, but it works today. It's a bit more complicated in the case of bridges (as opposed to any other entity) because you don't have access to the DRM device when you probe, only when you are attached. So you also need to make sure the private structure you allocated in probe (using devm_) is properly converted to be DRM-managed and freed later on. Maxime
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c index c96847fc0ebc..e275b4ca344b 100644 --- a/drivers/gpu/drm/drm_bridge.c +++ b/drivers/gpu/drm/drm_bridge.c @@ -170,6 +170,29 @@ void drm_bridge_add(struct drm_bridge *bridge) } EXPORT_SYMBOL(drm_bridge_add); +static void drm_bridge_remove_void(void *bridge) +{ + drm_bridge_remove(bridge); +} + +/** + * devm_drm_bridge_add - devm managed version of drm_bridge_add() + * + * @dev: device to tie the bridge lifetime to + * @bridge: bridge control structure + * + * This is the managed version of drm_bridge_add() which automatically + * calls drm_bridge_remove() when @dev is unbound. + * + * Return: 0 if no error or negative error code. + */ +int devm_drm_bridge_add(struct device *dev, struct drm_bridge *bridge) +{ + drm_bridge_add(bridge); + return devm_add_action_or_reset(dev, drm_bridge_remove_void, bridge); +} +EXPORT_SYMBOL(devm_drm_bridge_add); + /** * drm_bridge_remove - remove the given bridge from the global bridge list * diff --git a/include/drm/drm_bridge.h b/include/drm/drm_bridge.h index f27b4060faa2..42aec8612f37 100644 --- a/include/drm/drm_bridge.h +++ b/include/drm/drm_bridge.h @@ -796,6 +796,7 @@ drm_priv_to_bridge(struct drm_private_obj *priv) } void drm_bridge_add(struct drm_bridge *bridge); +int devm_drm_bridge_add(struct device *dev, struct drm_bridge *bridge); void drm_bridge_remove(struct drm_bridge *bridge); int drm_bridge_attach(struct drm_encoder *encoder, struct drm_bridge *bridge, struct drm_bridge *previous,
This adds a devm managed version of drm_bridge_add(). Like other "devm" function listed in drm_bridge.h, this function takes an explicit "dev" to use for the lifetime management. A few notes: * In general we have a "struct device" for bridges that makes a good candidate for where the lifetime matches exactly what we want. * The "bridge->dev->dev" device appears to be the encoder device. That's not the right device to use for lifetime management. Suggested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Douglas Anderson <dianders@chromium.org> --- Changes in v3: - Patch ("drm/bridge: Add devm_drm_bridge_add()") new for v3. drivers/gpu/drm/drm_bridge.c | 23 +++++++++++++++++++++++ include/drm/drm_bridge.h | 1 + 2 files changed, 24 insertions(+)