[PATCH 4.12 192/196] drm/i915/fbdev: Check for existence of ifbdev->vma before operations

From: Greg Kroah-Hartman
Date: Tue Jul 25 2017 - 15:27:00 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.12 187/196] reiserfs: Dont clear SGID when inheriting ACLs"
Previous message: Greg Kroah-Hartman: "[PATCH 4.12 183/196] acpi/nfit: Fix memory corruption/Unregister mce decoder on failure"
In reply to: Greg Kroah-Hartman: "[PATCH 4.12 183/196] acpi/nfit: Fix memory corruption/Unregister mce decoder on failure"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.12 187/196] reiserfs: Dont clear SGID when inheriting ACLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.12-stable review patch. If anyone has any objections, please let me know.

------------------

From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>

commit 7581d5ca2bb269cfc2ce2d0cb489aac513167f6b upstream.

Commit fabef825626d ("drm/i915: Drop struct_mutex around frontbuffer
flushes") adds a dependency to ifbdev->vma when flushing the framebufer,
but the checks are only against the existence of the ifbdev->fb and not
against ifbdev->vma. This leaves a window of opportunity where we may
try to operate on the fbdev prior to it being probed (thanks to
asynchronous booting).

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=101534
Fixes: fabef825626d ("drm/i915: Drop struct_mutex around frontbuffer flushes")
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxxx>
Link: http://patchwork.freedesktop.org/patch/msgid/20170622160211.783-1-chris@xxxxxxxxxxxxxxxxxx
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
(cherry picked from commit 15727ed0d944ce1dec8b9e1082dd3df29a0fdf44)
Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/gpu/drm/i915/intel_fbdev.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

--- a/drivers/gpu/drm/i915/intel_fbdev.c
+++ b/drivers/gpu/drm/i915/intel_fbdev.c
@@ -535,13 +535,14 @@ static void intel_fbdev_destroy(struct i

drm_fb_helper_fini(&ifbdev->helper);

- if (ifbdev->fb) {
+ if (ifbdev->vma) {
mutex_lock(&ifbdev->helper.dev->struct_mutex);
intel_unpin_fb_vma(ifbdev->vma);
mutex_unlock(&ifbdev->helper.dev->struct_mutex);
+ }

+ if (ifbdev->fb)
drm_framebuffer_remove(&ifbdev->fb->base);
- }

kfree(ifbdev);
}
@@ -765,7 +766,7 @@ void intel_fbdev_set_suspend(struct drm_
struct intel_fbdev *ifbdev = dev_priv->fbdev;
struct fb_info *info;

- if (!ifbdev || !ifbdev->fb)
+ if (!ifbdev || !ifbdev->vma)
return;

info = ifbdev->helper.fbdev;
@@ -812,7 +813,7 @@ void intel_fbdev_output_poll_changed(str
{
struct intel_fbdev *ifbdev = to_i915(dev)->fbdev;

- if (ifbdev && ifbdev->fb)
+ if (ifbdev && ifbdev->vma)
drm_fb_helper_hotplug_event(&ifbdev->helper);
}

@@ -824,7 +825,7 @@ void intel_fbdev_restore_mode(struct drm
return;

intel_fbdev_sync(ifbdev);
- if (!ifbdev->fb)
+ if (!ifbdev->vma)
return;

if (drm_fb_helper_restore_fbdev_mode_unlocked(&ifbdev->helper) == 0)

Next message: Greg Kroah-Hartman: "[PATCH 4.12 187/196] reiserfs: Dont clear SGID when inheriting ACLs"
Previous message: Greg Kroah-Hartman: "[PATCH 4.12 183/196] acpi/nfit: Fix memory corruption/Unregister mce decoder on failure"
In reply to: Greg Kroah-Hartman: "[PATCH 4.12 183/196] acpi/nfit: Fix memory corruption/Unregister mce decoder on failure"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.12 187/196] reiserfs: Dont clear SGID when inheriting ACLs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]