Hello Cristian, At 2026-06-02 00:13:46, "Cristian Ciocaltea" <[email protected]> wrote: >Core resources such as the DisplayPort AUX channel get initialized and >registered during dw_dp_bind(), but are never unregistered, which may >lead to memory leaks and/or use-after-free: > >[ 224.661371] BUG: KASAN: slab-use-after-free in >device_is_dependent+0xe0/0x2b0 >[ 224.662015] Read of size 8 at addr ffff00011aee8550 by task modprobe/658 >[ 224.662612] >[ 224.662752] CPU: 7 UID: 0 PID: 658 Comm: modprobe Not tainted >7.0.0-rc2-next-20260305 #14 PREEMPT >[ 224.662759] Hardware name: Radxa ROCK 5B (DT) >[ 224.662762] Call trace: >[ 224.662764] show_stack+0x20/0x38 (C) >[ 224.662772] dump_stack_lvl+0x6c/0x98 >[ 224.662777] print_report+0x160/0x4b8 >[ 224.662783] kasan_report+0xb4/0xe0 >[ 224.662790] __asan_report_load8_noabort+0x20/0x30 >[ 224.662796] device_is_dependent+0xe0/0x2b0 >[ 224.662802] device_is_dependent+0x108/0x2b0 >[ 224.662808] device_link_add+0x1f8/0x10b0 >[ 224.662813] devm_of_phy_get_by_index+0x120/0x200 >[ 224.662819] dw_dp_bind+0x34c/0xb10 [dw_dp] >[ 224.662830] dw_dp_rockchip_bind+0x194/0x250 [rockchipdrm] >[ 224.662864] component_bind_all+0x3a8/0x720 >[ 224.662869] rockchip_drm_bind+0x120/0x390 [rockchipdrm] >[ 224.662899] try_to_bring_up_aggregate_device+0x76c/0x838 >[ 224.662904] component_master_add_with_match+0x1f4/0x230 >[ 224.662909] rockchip_drm_platform_probe+0x420/0x538 [rockchipdrm] >[ 224.662939] platform_probe+0xe8/0x168 >[ 224.662945] really_probe+0x340/0x828 >[ 224.662950] __driver_probe_device+0x2e0/0x350 >[ 224.662954] driver_probe_device+0x80/0x140 >[ 224.662959] __driver_attach+0x398/0x460 >[ 224.662964] bus_for_each_dev+0xe0/0x198 >[ 224.662968] driver_attach+0x50/0x68 >[ 224.662972] bus_add_driver+0x2a0/0x4c0 >[ 224.662977] driver_register+0x294/0x360 >[ 224.662982] __platform_driver_register+0x7c/0x98 >[ 224.662987] rockchip_drm_init+0xc4/0xff8 [rockchipdrm] > >Since a previous commit exported dw_dp_unbind() function in DW DP core >library to take care of the necessary cleanup, use this in the >component's unbind() callback, as well as in its bind() error path. > >Fixes: d68ba7bac955 ("drm/rockchip: Add RK3588 DPTX output support") >Signed-off-by: Cristian Ciocaltea <[email protected]>
Reviewed-by: Andy Yan <[email protected]> Thanks >--- > drivers/gpu/drm/rockchip/dw_dp-rockchip.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > >diff --git a/drivers/gpu/drm/rockchip/dw_dp-rockchip.c >b/drivers/gpu/drm/rockchip/dw_dp-rockchip.c >index f137f699737c..0de822360c8d 100644 >--- a/drivers/gpu/drm/rockchip/dw_dp-rockchip.c >+++ b/drivers/gpu/drm/rockchip/dw_dp-rockchip.c >@@ -107,15 +107,26 @@ static int dw_dp_rockchip_bind(struct device *dev, >struct device *master, void * > return PTR_ERR(dp->base); > > connector = drm_bridge_connector_init(drm_dev, encoder); >- if (IS_ERR(connector)) >+ if (IS_ERR(connector)) { >+ dw_dp_unbind(dp->base); > return dev_err_probe(dev, PTR_ERR(connector), > "Failed to init bridge connector\n"); >+ } > > return 0; > } > >+static void dw_dp_rockchip_unbind(struct device *dev, struct device *master, >+ void *data) >+{ >+ struct rockchip_dw_dp *dp = dev_get_drvdata(dev); >+ >+ dw_dp_unbind(dp->base); >+} >+ > static const struct component_ops dw_dp_rockchip_component_ops = { > .bind = dw_dp_rockchip_bind, >+ .unbind = dw_dp_rockchip_unbind, > }; > > static int dw_dp_probe(struct platform_device *pdev) > >-- >2.54.0
