Some vague evidences suggests this can go wrong. Try to prevent it by holding the right mutex and clearing ->deferred_setup to make sure we later on don't accidentally try to re-register the fbdev when the driver thought it had it all cleaned up already.
v2: I realized that this is fundamentally butchered, and CI complained about lockdep splats. So limit the critical section again and just add a few notes what the proper fix is.
References: https://intel-gfx-ci.01.org/tree/linux-next/next-20201215/fi-byt-j1900/igt@i... Signed-off-by: Daniel Vetter daniel.vetter@intel.com Cc: Ville Syrjälä ville.syrjala@linux.intel.com Cc: Chris Wilson chris@chris-wilson.co.uk Cc: Maarten Lankhorst maarten.lankhorst@linux.intel.com Cc: Maxime Ripard mripard@kernel.org Cc: Thomas Zimmermann tzimmermann@suse.de Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch --- drivers/gpu/drm/drm_fb_helper.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 9d82fda274eb..8f11e5abb222 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -598,6 +598,9 @@ EXPORT_SYMBOL(drm_fb_helper_alloc_fbi); * A wrapper around unregister_framebuffer, to release the fb_info * framebuffer device. This must be called before releasing all resources for * @fb_helper by calling drm_fb_helper_fini(). + * + * Note that this is fundamentally racy on hotunload because it doen't handle + * open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead. */ void drm_fb_helper_unregister_fbi(struct drm_fb_helper *fb_helper) { @@ -611,6 +614,9 @@ EXPORT_SYMBOL(drm_fb_helper_unregister_fbi); * @fb_helper: driver-allocated fbdev helper, can be NULL * * This cleans up all remaining resources associated with @fb_helper. + * + * Note that this is fundamentally racy on hotunload because it doen't handle + * open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead. */ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper) { @@ -2382,6 +2388,10 @@ static void drm_fbdev_client_unregister(struct drm_client_dev *client) { struct drm_fb_helper *fb_helper = drm_fb_helper_from_client(client);
+ mutex_lock(&fb_helper->lock); + fb_helper->deferred_setup = false; + mutex_unlock(&fb_helper->lock); + if (fb_helper->fbdev) /* drm_fbdev_fb_destroy() takes care of cleanup */ drm_fb_helper_unregister_fbi(fb_helper);
Hi Daniel,
On Tue, Jul 13, 2021 at 03:59:22PM +0200, Daniel Vetter wrote:
Some vague evidences suggests this can go wrong. Try to prevent it by holding the right mutex and clearing ->deferred_setup to make sure we later on don't accidentally try to re-register the fbdev when the driver thought it had it all cleaned up already.
v2: I realized that this is fundamentally butchered, and CI complained about lockdep splats. So limit the critical section again and just add a few notes what the proper fix is.
References: https://intel-gfx-ci.01.org/tree/linux-next/next-20201215/fi-byt-j1900/igt@i... Signed-off-by: Daniel Vetter daniel.vetter@intel.com Cc: Ville Syrjälä ville.syrjala@linux.intel.com Cc: Chris Wilson chris@chris-wilson.co.uk Cc: Maarten Lankhorst maarten.lankhorst@linux.intel.com Cc: Maxime Ripard mripard@kernel.org Cc: Thomas Zimmermann tzimmermann@suse.de Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch
drivers/gpu/drm/drm_fb_helper.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 9d82fda274eb..8f11e5abb222 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -598,6 +598,9 @@ EXPORT_SYMBOL(drm_fb_helper_alloc_fbi);
- A wrapper around unregister_framebuffer, to release the fb_info
- framebuffer device. This must be called before releasing all resources for
- @fb_helper by calling drm_fb_helper_fini().
- Note that this is fundamentally racy on hotunload because it doen't handle
s/doen't/doesn't/
*/
- open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead.
void drm_fb_helper_unregister_fbi(struct drm_fb_helper *fb_helper) { @@ -611,6 +614,9 @@ EXPORT_SYMBOL(drm_fb_helper_unregister_fbi);
- @fb_helper: driver-allocated fbdev helper, can be NULL
- This cleans up all remaining resources associated with @fb_helper.
- Note that this is fundamentally racy on hotunload because it doen't handle
s/doen't/doesn't/
*/
- open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead.
void drm_fb_helper_fini(struct drm_fb_helper *fb_helper) { @@ -2382,6 +2388,10 @@ static void drm_fbdev_client_unregister(struct drm_client_dev *client) { struct drm_fb_helper *fb_helper = drm_fb_helper_from_client(client);
- mutex_lock(&fb_helper->lock);
- fb_helper->deferred_setup = false;
- mutex_unlock(&fb_helper->lock);
- if (fb_helper->fbdev) /* drm_fbdev_fb_destroy() takes care of cleanup */ drm_fb_helper_unregister_fbi(fb_helper);
I could not find any better spot to clear deferred_setup - so I think this is OK.
With the two spellign issues fixed: Acked-by: Sam Ravnborg sam@ravnborg.org
No r-b as I an not too fluent in these code paths and all the locking.
Sam
Am 13.07.21 um 15:59 schrieb Daniel Vetter:
Some vague evidences suggests this can go wrong. Try to prevent it by holding the right mutex and clearing ->deferred_setup to make sure we later on don't accidentally try to re-register the fbdev when the driver thought it had it all cleaned up already.
v2: I realized that this is fundamentally butchered, and CI complained about lockdep splats. So limit the critical section again and just add a few notes what the proper fix is.
References: https://intel-gfx-ci.01.org/tree/linux-next/next-20201215/fi-byt-j1900/igt@i... Signed-off-by: Daniel Vetter daniel.vetter@intel.com Cc: Ville Syrjälä ville.syrjala@linux.intel.com Cc: Chris Wilson chris@chris-wilson.co.uk Cc: Maarten Lankhorst maarten.lankhorst@linux.intel.com Cc: Maxime Ripard mripard@kernel.org Cc: Thomas Zimmermann tzimmermann@suse.de Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch
Acked-by: Thomas Zimmermann tzimmermann@suse.de
drivers/gpu/drm/drm_fb_helper.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 9d82fda274eb..8f11e5abb222 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -598,6 +598,9 @@ EXPORT_SYMBOL(drm_fb_helper_alloc_fbi);
- A wrapper around unregister_framebuffer, to release the fb_info
- framebuffer device. This must be called before releasing all resources for
- @fb_helper by calling drm_fb_helper_fini().
- Note that this is fundamentally racy on hotunload because it doen't handle
*/ void drm_fb_helper_unregister_fbi(struct drm_fb_helper *fb_helper) {
- open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead.
@@ -611,6 +614,9 @@ EXPORT_SYMBOL(drm_fb_helper_unregister_fbi);
- @fb_helper: driver-allocated fbdev helper, can be NULL
- This cleans up all remaining resources associated with @fb_helper.
- Note that this is fundamentally racy on hotunload because it doen't handle
*/ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper) {
- open fbdev file descriptors at all. Use drm_fbdev_generic_setup() instead.
@@ -2382,6 +2388,10 @@ static void drm_fbdev_client_unregister(struct drm_client_dev *client) { struct drm_fb_helper *fb_helper = drm_fb_helper_from_client(client);
- mutex_lock(&fb_helper->lock);
- fb_helper->deferred_setup = false;
- mutex_unlock(&fb_helper->lock);
- if (fb_helper->fbdev) /* drm_fbdev_fb_destroy() takes care of cleanup */ drm_fb_helper_unregister_fbi(fb_helper);
dri-devel@lists.freedesktop.org
-
Daniel Vetter -
Sam Ravnborg -
Thomas Zimmermann