On 3/3/26 3:15 PM, Bart Van Assche wrote:
> The comment above __drm_fb_helper_initial_config_and_unlock() says
> "Drops fb_helper->lock before returning". However, there is an
> error path in that function that does not drop fb_helper->lock:
>
>          info = drm_fb_helper_alloc_info(fb_helper);
>          if (IS_ERR(info))
>                  return PTR_ERR(info);
>
> Is the code correct or is the comment correct? I don't think that
> both can be correct.

(+Thomas)

Thomas,

Does this untested patch make sense to you?

Thanks,

Bart.


drm: Fix a locking bug in an error path

Make sure that __drm_fb_helper_initial_config_and_unlock() unlocks
fb_helper->lock. This has been detected by the Clang thread-safety
analyzer.

Fixes: 63c971af4036 ("drm/fb-helper: Allocate and release fb_info in single place")
Signed-off-by: Bart Van Assche <[email protected]>

diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 05803169bed5..16bfbfb0af16 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -1641,8 +1641,10 @@ __drm_fb_helper_initial_config_and_unlock(struct drm_fb_helper *fb_helper)
        drm_client_modeset_probe(&fb_helper->client, width, height);

        info = drm_fb_helper_alloc_info(fb_helper);
-       if (IS_ERR(info))
+       if (IS_ERR(info)) {
+               mutex_unlock(&fb_helper->lock);
                return PTR_ERR(info);
+       }

        ret = drm_fb_helper_single_fb_probe(fb_helper);
        if (ret < 0) {
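
Review bot: the unlock in the IS_ERR(info) branch is open-coded directly ahead of "return PTR_ERR(info);", and the "if (ret < 0)" branch that follows is a second error exit whose body is cut off in this hunk. If that branch also calls mutex_unlock(&fb_helper->lock) before returning, consider sending both through a single unlock-and-return label so that a later early return cannot skip the unlock again. Since the patch is described as untested, the commit message should also state the effect in one sentence: when drm_fb_helper_alloc_info() fails, the function returns with fb_helper->lock still held, which contradicts the "Drops fb_helper->lock before returning" comment above it.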
