drm/i915: Prevent use-after-free in invalidate_range_start callback - kernel/linux.git

diff options

author	Michał Winiarski <michal.winiarski@intel.com>	2015-02-03 17:48:17 +0300
committer	Jani Nikula <jani.nikula@intel.com>	2015-02-05 17:31:30 +0300
commit	460822b0b1a77db859b0320469799fa4dbe4d367 (patch)
tree	3f2e09686dc7e70d82a75c4d475e84f944606ebe /drivers/gpu/drm/i915/intel_sideband.c
parent	1293eaa3ebf92f146f366d9b678a07b8b3200ea1 (diff)
download	linux-460822b0b1a77db859b0320469799fa4dbe4d367.tar.xz

drm/i915: Prevent use-after-free in invalidate_range_start callback

It's possible for invalidate_range_start mmu notifier callback to race against userptr object release. If the gem object was released prior to obtaining the spinlock in invalidate_range_start we're hitting null pointer dereference. Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close-overlap Cc: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Michał Winiarski <michal.winiarski@intel.com> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: stable@vger.kernel.org [Jani: added code comment suggested by Chris] Signed-off-by: Jani Nikula <jani.nikula@intel.com>

Diffstat (limited to 'drivers/gpu/drm/i915/intel_sideband.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: