This series avoids a race between DRM bridge removal and usage of the
bridge private_obj during DRM_MODESET_LOCK_ALL_BEGIN/END() and other
locking operations.

This is part of the work towards removal of bridges from a still existing
DRM pipeline without use-after-free. The grand plan was discussed in [0].

Here's the work breakdown (➜ marks the current series):

 1. … add refcounting to DRM bridges (struct drm_bridge)
    (based on devm_drm_bridge_alloc() [0])
    A. ✔ add new alloc API and refcounting (v6.16)
    B. ✔ convert all bridge drivers to new API (v6.17)
    C. ✔ kunit tests (v6.17)
    D. ✔ add get/put to drm_bridge_add/remove() + attach/detach()
         and warn on old allocation pattern (v6.17)
    E. … add get/put on drm_bridge accessors
       1. ✔ drm_bridge_chain_get_first_bridge(), add cleanup action (v6.18)
       2. ✔ drm_bridge_get_prev_bridge() (v6.18)
       3. ✔ drm_bridge_get_next_bridge() (v6.19)
       4. ✔ drm_for_each_bridge_in_chain() (v6.19)
       5. ✔ drm_bridge_connector_init (v6.19)
       6. … protect encoder bridge chain with a mutex
       7. of_drm_find_bridge
       8. drm_of_find_panel_or_bridge, *_of_get_bridge
       9. … enforce drm_bridge_add before drm_bridge_attach
    F. ✔ debugfs improvements
       1. ✔ add top-level 'bridges' file (v6.16)
       2. ✔ show refcount and list lingering bridges (v6.19)
 2. ➜ handle gracefully atomic updates during bridge removal
    A. … Add drm_dev_enter/exit() to protect device resources
    B. ➜ protect private_obj removal from list
 3. … DSI host-device driver interaction
 4. ✔ removing the need for the "always-disconnected" connector
 5. finish the hotplug bridge work, moving code to the core and potentially
    removing the hotplug-bridge itself (this needs to be clarified as
    points 1-3 are developed)

[0] https://lore.kernel.org/lkml/[email protected]/#t

The need for this series emerged during testing of DRM bridge
hot-plugging. Very rarely on hot-unplug the following warning has appeared:

  WARNING: CPU: 0 PID: 123 at include/drm/drm_modeset_lock.h:114
  drm_atomic_private_obj_fini+0x64/0x80
  ...
  Call trace:
   drm_atomic_private_obj_fini+0x64/0x80
   drm_bridge_detach+0x38/0x98

The actual change is in patch 2 along with a detailed explanation.
Patch 1 is just a preparation step.

Signed-off-by: Luca Ceresoli <[email protected]>
---
Luca Ceresoli (2):
      drm/atomic: pass drm_device pointer to drm_atomic_private_obj_fini()
      drm_atomic_private_obj_fini: protect private_obj removal from list

 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
 drivers/gpu/drm/arm/display/komeda/komeda_private_obj.c | 2 +-
 drivers/gpu/drm/display/drm_dp_mst_topology.c | 2 +-
 drivers/gpu/drm/display/drm_dp_tunnel.c | 2 +-
 drivers/gpu/drm/drm_atomic.c | 9 ++++++++-
 drivers/gpu/drm/drm_bridge.c | 2 +-
 drivers/gpu/drm/ingenic/ingenic-drm-drv.c | 2 +-
 drivers/gpu/drm/ingenic/ingenic-ipu.c | 2 +-
 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 2 +-
 drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 2 +-
 drivers/gpu/drm/omapdrm/omap_drv.c | 2 +-
 drivers/gpu/drm/tegra/hub.c | 2 +-
 drivers/gpu/drm/vc4/vc4_kms.c | 6 +++---
 include/drm/drm_atomic.h | 3 ++-
 14 files changed, 24 insertions(+), 16 deletions(-)
---
base-commit: 3b80ba4fb2d81c77cfef535b202162cbb8aa1f6e
change-id: 20251013-drm-bridge-atomic-vs-remove-private_obj-d792805bebdc

Best regards,
--
Luca Ceresoli <[email protected]>