Page MenuHomeFreeBSD
Differential D44865

linuxkpi: Allow ida_destroy and idr_destroy to be called multiple times
Needs ReviewPublic
Actions

Authored by ashafer_badland.io on Fri, Apr 19, 2:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, May 12, 12:00 PM
Unknown Object (File)
Sun, Apr 28, 11:29 PM
Unknown Object (File)
Sat, Apr 27, 9:52 AM
Unknown Object (File)
Fri, Apr 26, 3:58 PM
Unknown Object (File)
Fri, Apr 26, 3:53 PM
Unknown Object (File)
Fri, Apr 26, 3:52 PM
Unknown Object (File)
Fri, Apr 26, 3:52 PM
Unknown Object (File)
Fri, Apr 26, 10:33 AM
View All 11 Files
Subscribers
bz
emaste
imp
manu
linuxkpi

Details

Reviewers
bz
manu
Group Reviewers
linuxkpi
Summary

This fixes some weird behavior triggered by nvidia-drm.ko: some DRM
cleanup functions will be called multiple times, leading to a double
free. drm_mode_config_cleanup will be called twice, causing ida_destroy
to be called twice. Although calling the cleanup twice doesn't seem
very clean, on Linux this seems to be permissable as it handles it
just fine.

In order to preserve this behavior this change checks if the objects
have already been destroyed and bails if so. This fixes the panic seen
when unloading the nvidia-drm driver.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57246
Build 54134: arc lint + arc unit

Event Timeline

ashafer_badland.io created this revision.Fri, Apr 19, 2:48 PM
Herald added subscribers: linuxkpi, emaste, imp. · View Herald TranscriptFri, Apr 19, 2:48 PM
ashafer_badland.io requested review of this revision.Fri, Apr 19, 2:48 PM
Harbormaster completed remote builds in B57217: Diff 137387.Fri, Apr 19, 2:48 PM
bz added a subscriber: bz.Fri, Apr 19, 3:52 PM

Nice tracking down.
Is there a PR for this somewhere we need to reference?

Are you actually seeing a double-free as indicated in the description or is the panic on acquiring a non-initilized mutex?

sys/compat/linuxkpi/common/src/linux_idr.c
182

"If" upper case and I'd remove the "empty/" as we don't check for that.

184

I think this should be part of the commit message.
I'd rather state that the idr can be re-used--only freeing the internal memory--and we could be called multiple times without an idr_init() in between so guarding for that.

188

You wouldn't need the { } and a space after if.

I do wonder if there is any other pointer or simple data type we could check here instead of whether the mutex is initialized? Likely not easily ... given the mtx_destroy(). Hmm. Guess not.

ashafer_badland.io updated this revision to Diff 137405.Fri, Apr 19, 6:33 PM

There isn't a PR, this has been a longstanding issue with nvidia-drm that I'm
finally getting around to solving.

If you unload nvidia-drm.ko right now you'll see a panic from the mutex
initialization assert. If you fix that (idr_destroy part of this change) then
you'll run into a double free (ida_destroy part of this change).

Harbormaster completed remote builds in B57228: Diff 137405.Fri, Apr 19, 6:33 PM
bz accepted this revision.Fri, Apr 19, 6:53 PM
bz added a reviewer: linuxkpi.

Thanks. If no one complains the next days I'll put this in.

This revision is now accepted and ready to land.Fri, Apr 19, 6:53 PM
manu accepted this revision.Sat, Apr 20, 7:22 AM
manu added a subscriber: manu.
manu added inline comments.
sys/compat/linuxkpi/common/src/linux_idr.c
186

mtx_initialized returns an int so style(9) says to not use ! but == 0

ashafer_badland.io updated this revision to Diff 137438.Sat, Apr 20, 4:04 PM

Updated with style, thanks.

This revision now requires review to proceed.Sat, Apr 20, 4:04 PM
Harbormaster completed remote builds in B57246: Diff 137438.Sat, Apr 20, 4:04 PM
ashafer_badland.io added a comment.Mon, May 6, 7:52 PM

Any update on getting this merged?

Revision Contents
Changeset List

PathSize
sys/
compat/
linuxkpi/
common/
src/
9 lines

Diff 137438

View Options

sys/compat/linuxkpi/common/src/linux_idr.c

Loading...