Re: [PATCH v3 03/14] drm/rockchip: analogix_dp: Apply drmm_encoder_init() instead of drm_simple_encoder_init()
From: Damon Ding
Date: Mon Jul 28 2025 - 23:23:11 EST
Hi Dmitry,
On 2025/7/26 8:12, Dmitry Baryshkov wrote:
On Thu, Jul 24, 2025 at 04:02:53PM +0800, Damon Ding wrote:
Compared with drm_simple_encoder_init(), drmm_encoder_init() can handle
the cleanup automatically through registering drm_encoder_cleanup() with
drmm_add_action().
Signed-off-by: Damon Ding <damon.ding@xxxxxxxxxxxxxx>
---
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
index d30f0983a53a..4ed6bf9e5377 100644
--- a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
+++ b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
@@ -29,7 +29,6 @@
#include <drm/drm_of.h>
#include <drm/drm_panel.h>
#include <drm/drm_probe_helper.h>
-#include <drm/drm_simple_kms_helper.h>
#include "rockchip_drm_drv.h"
@@ -377,8 +376,7 @@ static int rockchip_dp_drm_create_encoder(struct rockchip_dp_device *dp)
dev->of_node);
DRM_DEBUG_KMS("possible_crtcs = 0x%x\n", encoder->possible_crtcs);
- ret = drm_simple_encoder_init(drm_dev, encoder,
- DRM_MODE_ENCODER_TMDS);
+ ret = drmm_encoder_init(drm_dev, encoder, NULL, DRM_MODE_ENCODER_TMDS, NULL);
It's not possible to use drmm_encoder_init() here. Per the documentation
the encoder data structure should be allocated by drmm_kzalloc().
However this drm_encoder is a part of struct rockchip_dp_device. It's
allocated by rockchip_dp_probe() via devm_kzalloc(). This means that it
can potentially be freed before the drm device is completely released,
creating a use-after-free error.
if (ret) {
DRM_ERROR("failed to initialize encoder with drm\n");
return ret;
--
2.34.1
Got it. This patch will be dropped in the next version.
Best regards,
Damon