leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
48da0f67c53eecd2594c302be6c8a665b7740eaf
linux/drivers/gpu/drm
History
Thomas Hellström 48da0f67c5 drm/i915: Fix vm use-after-free in vma destruction 
In vma destruction, the following race may occur:

Thread 1:	    		  Thread 2:
i915_vma_destroy();

  ...
  list_del_init(vma->vm_link);
  ...
  mutex_unlock(vma->vm->mutex);
				  __i915_vm_release();
release_references();

And in release_reference() we dereference vma->vm to get to the
vm gt pointer, leading to a use-after free.

However, __i915_vm_release() grabs the vm->mutex so the vm won't be
destroyed before vma->vm->mutex is released, so extract the gt pointer
under the vm->mutex to avoid the vma->vm dereference in
release_references().

v2: Fix a typo in the commit message (Andi Shyti)

Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5944
Fixes: e1a7ab4fca ("drm/i915: Remove the vm open count")

Cc: Niranjana Vishwanathapura <niranjana.vishwanathapura@intel.com>
Cc: Matthew Auld <matthew.auld@intel.com>
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Acked-by: Nirmoy Das <nirmoy.das@intel.con>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220620123659.381772-1-thomas.hellstrom@linux.intel.com
(cherry picked from commit 1926a6b759)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2022-07-12 18:16:40 -04:00
..
amd
Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
2022-06-29 14:50:52 -04:00
arm
Merge tag 'drm-msm-next-2022-05-09' of https://gitlab.freedesktop.org/drm/msm into drm-next
2022-05-11 12:40:47 +10:00
armada
Merge tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2022-03-28 12:41:28 -07:00
aspeed
drm/aspeed: Add AST2600 chip support
2022-03-03 09:08:35 +10:30
ast
drm/ast: Support multiple outputs
2022-06-09 10:27:49 +02:00
atmel-hlcdc
drm/atmel-hlcdc: Use drm_module_platform_driver() to register the driver
2022-01-27 19:15:46 +01:00
bridge
Merge tag 'drm-misc-fixes-2022-05-26' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
2022-06-10 13:12:36 +10:00
display
Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm
2022-05-25 16:18:27 -07:00
etnaviv
Merge branch 'etnaviv/next' of https://git.pengutronix.de/git/lst/linux into drm-next
2022-05-17 12:20:04 +10:00
exynos
drm/exynos: mic: Rework initialization
2022-06-14 22:32:16 +09:00
fsl-dcu
drm/fsl-dcu: Use drm_module_platform_driver() to register the driver
2022-01-27 19:15:46 +01:00
gma500
drm: Rename dp/ to display/
2022-04-25 11:17:45 +02:00
gud
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
hisilicon
Merge tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2022-03-28 12:41:28 -07:00
hyperv
drm/hyperv: Remove support for Hyper-V 2008 and 2008R2/Win7
2022-05-11 17:49:49 +00:00
i2c
i810
i915
drm/i915: Fix vm use-after-free in vma destruction
2022-07-12 18:16:40 -04:00
imx
drm: imx: fix compiler warning with gcc-12
2022-06-09 09:39:44 -07:00
ingenic
drm/ingenic: Add dw-hdmi driver specialization for jz4780
2022-04-11 16:04:39 +01:00
kmb
Merge tag 'drm-misc-next-2022-02-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
2022-02-25 05:50:18 +10:00
lib
drm/selftests: add drm buddy alloc range testcase
2022-02-23 10:44:43 +01:00
lima
dma-buf: specify usage while adding fences to dma_resv obj v7
2022-04-07 12:53:53 +02:00
mcde
Revert "drm: bridge: mcde_dsi: Switch to devm_drm_of_get_bridge"
2022-05-04 17:06:31 +02:00
mediatek
Merge tag 'mediatek-drm-next-5.19' of https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux into drm-next
2022-05-06 17:26:01 +10:00
meson
Merge drm/drm-next into drm-misc-next
2022-04-05 11:06:58 +02:00
mga
mgag200
drm/mgag200: Protect concurrent access to I/O registers with lock
2022-05-05 09:18:54 +02:00
msm
Merge tag 'drm-msm-fixes-2022-06-28' of https://gitlab.freedesktop.org/drm/msm into drm-fixes
2022-06-29 14:16:46 +10:00
mxsfb
drm: mxsfb: Implement LCDIF scanout CRC32 support
2022-05-05 01:03:49 +02:00
nouveau
Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm
2022-05-25 16:18:27 -07:00
omapdrm
Merge drm/drm-next into drm-misc-next
2022-04-05 11:06:58 +02:00
panel
Merge drm/drm-next into drm-misc-next
2022-05-03 11:53:42 +02:00
panfrost
Merge tag 'drm-misc-fixes-2022-05-26' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
2022-06-10 13:12:36 +10:00
pl111
drm: Remove CONFIG_DRM_KMS_CMA_HELPER option
2021-11-30 11:10:03 +01:00
qxl
drm/qxl: add drm_gem_plane_helper_prepare_fb
2022-05-05 12:30:10 +02:00
r128
BackMerge tag 'v5.15-rc7' into drm-next
2021-10-28 14:59:38 +10:00
radeon
drm/radeon: fix a possible null pointer dereference
2022-05-26 14:56:31 -04:00
rcar-du
drm: allow passing possible_crtcs to drm_writeback_connector_init()
2022-05-02 02:12:59 +03:00
rockchip
drm/rockchip: Change register space names in vop2
2022-05-17 00:16:33 +02:00
savage
scheduler
drm/sched: use __string in tracepoints
2022-04-26 15:11:00 -04:00
selftests
drm: Rename dp/ to display/
2022-04-25 11:17:45 +02:00
shmobile
drm/shmobile: Use drm_module_platform_driver() to register the driver
2022-01-27 19:15:47 +01:00
sis
solomon
drm/ssd130x: Make ssd130x_remove() return void
2022-04-26 09:43:37 +02:00
sprd
Merge tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2022-03-28 12:41:28 -07:00
sti
drm/sti: fix typos in comments
2022-04-07 11:31:52 +02:00
stm
stm: ltdc: fix two incorrect NULL checks on list iterator
2022-04-07 10:26:59 +02:00
sun4i
drm/sun4i: Return if frontend is not present
2022-06-22 16:42:25 +02:00
tdfx
tegra
Merge tag 'drm/tegra/for-5.19-rc1' of https://gitlab.freedesktop.org/drm/tegra into drm-next
2022-05-13 13:14:34 +10:00
tidss
drm/tidss: Soft Reset DISPC on startup
2022-04-19 15:09:45 +03:00
tilcdc
drm/tilcdc: fix typos in comment
2022-04-25 10:18:52 +03:00
tiny
drm/simpledrm: Use fbdev defaults for shadow buffering
2022-05-03 16:04:22 +02:00
ttm
drm/ttm: fix bulk move handling v2
2022-06-14 11:15:19 +02:00
tve200
drm/tve200: Use drm_module_platform_driver() to register the driver
2022-01-27 19:15:48 +01:00
udl
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
v3d
drm/v3d: Fix null pointer dereference of pointer perfmon
2022-04-26 11:55:28 -01:00
vboxvideo
Merge tag 'drm-misc-next-2022-02-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
2022-02-25 05:50:18 +10:00
vc4
drm/vc4: perfmon: Fix variable dereferenced before check
2022-06-27 15:43:14 +02:00
vgem
dma-buf: specify usage while adding fences to dma_resv obj v7
2022-04-07 12:53:53 +02:00
via
virtio
dma-buf: specify usage while adding fences to dma_resv obj v7
2022-04-07 12:53:53 +02:00
vkms
drm: allow passing possible_crtcs to drm_writeback_connector_init()
2022-05-02 02:12:59 +03:00
vmwgfx
drm/vmwgfx: Disable command buffers on svga3 without gbobjects
2022-05-13 10:29:36 -04:00
xen
drm/xen: Add missing VM_DONTEXPAND flag in mmap callback
2022-06-21 16:36:13 +02:00
xlnx
drm/display: Introduce a DRM display-helper module
2022-04-25 11:19:21 +02:00
drm_agpsupport.c
drm_aperture.c
drm/aperture: Run fbdev removal before internal helpers
2022-07-09 11:12:05 -07:00
drm_atomic_helper.c
drm/atomic: Force bridge self-refresh-exit on CRTC switch
2022-06-06 13:27:17 -07:00
drm_atomic_state_helper.c
drm/object: Add default color encoding and range value at reset
2022-02-25 17:57:14 +01:00
drm_atomic_uapi.c
drm: handle kernel fences in drm_gem_plane_helper_prepare_fb v2
2022-05-02 09:01:51 +02:00
drm_atomic.c
drm/atomic: Add atomic_print_state to private objects
2022-03-31 10:19:45 +02:00
drm_auth.c
drm: get rid of DRM_DEBUG_* log calls in drm core, files drm_a*.c
2021-11-26 16:45:22 +01:00
drm_blend.c
drm/blend: fix typo in the comment
2022-03-16 09:36:13 +01:00
drm_bridge_connector.c
drm/bridge_connector: enable HPD by default if supported
2022-03-04 19:34:24 +00:00
drm_bridge.c
drm_buddy.c
drm: add a check to verify the size alignment
2022-04-11 15:35:47 +02:00
drm_bufs.c
drm_cache.c
Merge tag 'drm-next-2022-03-24' of git://anongit.freedesktop.org/drm/drm
2022-03-24 16:19:43 -07:00
drm_client_modeset.c
drm: Convert open-coded yes/no strings to yesno()
2022-02-07 13:04:25 -08:00
drm_client.c
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_color_mgmt.c
drm: fix typo in comment
2022-05-04 14:09:34 +02:00
drm_connector.c
drm/display: Move HDMI helpers into display-helper module
2022-04-25 11:19:36 +02:00
drm_context.c
drm_crtc_helper_internal.h
drm/dp: Move DP declarations into separate header file
2022-01-17 11:25:44 +01:00
drm_crtc_helper.c
drm: Use drm_mode_copy()
2022-04-12 09:27:20 +03:00
drm_crtc_internal.h
drm_crtc.c
drm_damage_helper.c
drm_debugfs_crc.c
drm_debugfs.c
drm: Plumb debugfs_init through to panels
2022-02-15 15:25:18 -08:00
drm_displayid.c
drm_dma.c
drm_drv.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c
drm/edid: drop kernel-doc for static functions
2022-04-29 14:04:55 +03:00
drm_encoder_slave.c
drm_encoder.c
drm_fb_cma_helper.c
drm_fb_helper.c
fbdev: Rename pagelist to pagereflist for deferred I/O
2022-05-03 16:04:22 +02:00
drm_file.c
drm_flip_work.c
drm_format_helper.c
drm/format-helper: Share implementation among conversion helpers
2022-05-05 08:54:09 +02:00
drm_fourcc.c
drm/fourcc: Add packed 10bit YUV 4:2:0 format
2021-12-16 11:23:22 +01:00
drm_framebuffer.c
drm: introduce fb_modifiers_not_supported flag in mode_config
2022-01-31 21:45:23 +01:00
drm_gem_atomic_helper.c
drm: handle kernel fences in drm_gem_plane_helper_prepare_fb v2
2022-05-02 09:01:51 +02:00
drm_gem_cma_helper.c
Backmerge tag 'v5.17-rc6' into drm-next
2022-02-28 14:57:14 +10:00
drm_gem_framebuffer_helper.c
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_gem_shmem_helper.c
Merge tag 'drm-misc-next-2022-02-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
2022-02-25 05:50:18 +10:00
drm_gem_ttm_helper.c
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_gem_vram_helper.c
Merge drm/drm-next into drm-misc-next
2022-04-05 11:06:58 +02:00
drm_gem.c
dma-buf: add enum dma_resv_usage v4
2022-04-07 12:53:53 +02:00
drm_hashtab.c
drm: Declare hashtable as legacy
2021-11-30 09:41:28 +01:00
drm_internal.h
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_ioc32.c
drm_ioctl.c
drm: introduce fb_modifiers_not_supported flag in mode_config
2022-01-31 21:45:23 +01:00
drm_irq.c
drm_kms_helper_common.c
drm/dp: Move DisplayPort helpers into separate helper module
2022-01-17 11:25:44 +01:00
drm_lease.c
drm_legacy_misc.c
drm_legacy.h
drm: Declare hashtable as legacy
2021-11-30 09:41:28 +01:00
drm_lock.c
drm_managed.c
drm: Add DRM-managed mutex_init()
2022-05-05 09:04:10 +02:00
drm_memory.c
drm_mipi_dbi.c
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_mipi_dsi.c
drm/display: Move DSC header and helpers into display-helper module
2022-04-25 11:19:36 +02:00
drm_mm.c
lib/stackdepot: allow optional init and stack_table allocation by kvmalloc()
2022-01-22 08:33:37 +02:00
drm_mode_config.c
drm_mode_object.c
drm/object: Add drm_object_property_get_default_value() function
2022-02-25 17:55:42 +01:00
drm_modes.c
drm/modes: Make width-mm/height-mm check in of_get_drm_panel_display_mode() mandatory
2022-04-24 23:54:05 +02:00
drm_modeset_helper.c
drm_modeset_lock.c
lib/stackdepot: allow optional init and stack_table allocation by kvmalloc()
2022-01-22 08:33:37 +02:00
drm_nomodeset.c
drm: Fix build error caused by missing drm_nomodeset.o
2021-11-27 21:05:58 +01:00
drm_of.c
Revert "drm: of: Lookup if child node has panel or bridge"
2022-04-21 09:18:08 +02:00
drm_panel_orientation_quirks.c
drm: panel-orientation-quirks: Add quirk for Aya Neo Next
2022-06-19 17:37:16 +02:00
drm_panel.c
drm_pci.c
drm_plane_helper.c
drm_plane.c
drm/plane: Move range check for format_count earlier
2022-04-28 16:13:04 +01:00
drm_prime.c
dma-buf-map: Rename to iosys-map
2022-02-07 16:35:35 -08:00
drm_print.c
drm_privacy_screen_x86.c
Merge tag 'drm-misc-next-2022-01-27' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
2022-02-01 19:02:41 +10:00
drm_privacy_screen.c
Merge tag 'drm-misc-next-2022-02-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
2022-02-25 05:50:18 +10:00
drm_probe_helper.c
drm/probe-helper: use drm_kms_helper_connector_hotplug_event
2021-11-02 14:27:14 +01:00
drm_property.c
drm_rect.c
drm_scatter.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_syncobj.c
drm/syncobj: flatten dma_fence_chains on transfer
2022-02-11 11:30:01 +01:00
drm_sysfs.c
drm/sysfs: introduce drm_sysfs_connector_hotplug_event
2021-11-02 14:27:06 +01:00
drm_trace_points.c
drm_trace.h
drm_vblank_work.c
drm_vblank.c
drm: Use drm_mode_copy()
2022-04-12 09:27:20 +03:00
drm_vm.c
LoongArch: Add writecombine support for drm
2022-06-03 20:09:27 +08:00
drm_vma_manager.c
drm_writeback.c
drm: introduce drm_writeback_connector_init_with_encoder() API
2022-05-02 02:12:59 +03:00
Kconfig
drm/display: Move HDMI helpers into display-helper module
2022-04-25 11:19:36 +02:00
Makefile
drm/display: Move SCDC helpers into display-helper library
2022-04-25 11:19:37 +02:00