mirror of
https://github.com/torvalds/linux.git
synced 2024-12-31 23:31:29 +00:00
c2c139cf43
Fixes a potential race condition in amdgpu that looks as follows:
Task 1: attempt ttm_bo_init, but ttm_bo_validate fails
Task 1: add BO to global list anyway
Task 2: grabs hold of the BO, waits on its reservation lock
Task 1: releases its reference of the BO; never gives up the
reservation lock
The patch "drm/amdgpu: fix a potential deadlock in
amdgpu_bo_create_restricted()" attempts to fix that by releasing
the reservation lock in amdgpu code; unfortunately, it introduces
a use-after-free when this race _doesn't_ happen.
This patch should fix the race properly by never adding the BO
to the global list in the first place.
Cc: zhoucm1 <david1.zhou@amd.com>
Signed-off-by: Nicolai Hähnle <nicolai.haehnle@amd.com>
Tested-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
|
||
|---|---|---|
| .. | ||
| Makefile | ||
| ttm_agp_backend.c | ||
| ttm_bo_manager.c | ||
| ttm_bo_util.c | ||
| ttm_bo_vm.c | ||
| ttm_bo.c | ||
| ttm_execbuf_util.c | ||
| ttm_lock.c | ||
| ttm_memory.c | ||
| ttm_module.c | ||
| ttm_object.c | ||
| ttm_page_alloc_dma.c | ||
| ttm_page_alloc.c | ||
| ttm_tt.c | ||