If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org --- drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu; - int ret; - - ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex); - if (ret) - return ret;
+ mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
On Thu, Oct 10, 2019 at 03:13:30PM +0200, Johan Hovold wrote:
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org
Rob, Sean,
Sending a reminder about this one, which is not yet in linux-next.
Perhaps Daniel can pick it up otherwise?
Thanks, Johan
drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu;
- int ret;
- ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex);
- if (ret)
return ret;
- mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
On Wed, Oct 30, 2019 at 11:01:46AM +0100, Johan Hovold wrote:
On Thu, Oct 10, 2019 at 03:13:30PM +0200, Johan Hovold wrote:
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org
Rob, Sean,
Sending a reminder about this one, which is not yet in linux-next.
Perhaps Daniel can pick it up otherwise?
Another two weeks, another reminder. This one is still not in -next.
Johan
drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu;
- int ret;
- ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex);
- if (ret)
return ret;
- mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
On Tue, Nov 12, 2019 at 11:40:01AM +0100, Johan Hovold wrote:
On Wed, Oct 30, 2019 at 11:01:46AM +0100, Johan Hovold wrote:
On Thu, Oct 10, 2019 at 03:13:30PM +0200, Johan Hovold wrote:
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org
Rob, Sean,
Sending a reminder about this one, which is not yet in linux-next.
Perhaps Daniel can pick it up otherwise?
Another two weeks, another reminder. This one is still not in -next.
Well msm is maintained in a separate tree, so the usual group maintainer fallback for when patches are stuck doesn't apply.
Rob, Sean, time to reconsider drm-misc for msm? I think there's some more oddball patches that occasionally get stuck for msm ...
Also +Dave. -Daniel
Johan
drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu;
- int ret;
- ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex);
- if (ret)
return ret;
- mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
On Tue, Nov 12, 2019 at 6:01 AM Daniel Vetter daniel@ffwll.ch wrote:
On Tue, Nov 12, 2019 at 11:40:01AM +0100, Johan Hovold wrote:
On Wed, Oct 30, 2019 at 11:01:46AM +0100, Johan Hovold wrote:
On Thu, Oct 10, 2019 at 03:13:30PM +0200, Johan Hovold wrote:
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org
Rob, Sean,
Sending a reminder about this one, which is not yet in linux-next.
Perhaps Daniel can pick it up otherwise?
Another two weeks, another reminder. This one is still not in -next.
Well msm is maintained in a separate tree, so the usual group maintainer fallback for when patches are stuck doesn't apply.
oh, sorry, this wasn't showing up in patchwork.. or rather it did but the non-msm related series subject made me overlook it.
I've already sent a PR, but this shouldn't conflict with anything and I think it can go in via drm-misc/fixes
Reviewed-by: Rob Clark robdclark@gmail.com
Rob, Sean, time to reconsider drm-misc for msm? I think there's some more oddball patches that occasionally get stuck for msm ...
Also +Dave. -Daniel
Johan
drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu;
- int ret;
- ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex);
- if (ret)
return ret;
- mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
-- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
On Tue, Nov 12, 2019 at 08:32:07AM -0800, Rob Clark wrote:
On Tue, Nov 12, 2019 at 6:01 AM Daniel Vetter daniel@ffwll.ch wrote:
On Tue, Nov 12, 2019 at 11:40:01AM +0100, Johan Hovold wrote:
On Wed, Oct 30, 2019 at 11:01:46AM +0100, Johan Hovold wrote:
On Thu, Oct 10, 2019 at 03:13:30PM +0200, Johan Hovold wrote:
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org
Rob, Sean,
Sending a reminder about this one, which is not yet in linux-next.
Perhaps Daniel can pick it up otherwise?
Another two weeks, another reminder. This one is still not in -next.
Well msm is maintained in a separate tree, so the usual group maintainer fallback for when patches are stuck doesn't apply.
oh, sorry, this wasn't showing up in patchwork.. or rather it did but the non-msm related series subject made me overlook it.
I've already sent a PR, but this shouldn't conflict with anything and I think it can go in via drm-misc/fixes
Reviewed-by: Rob Clark robdclark@gmail.com
Thanks for the patch, pushed to drm-misc-next-fixes
Sean
Rob, Sean, time to reconsider drm-misc for msm? I think there's some more oddball patches that occasionally get stuck for msm ...
Also +Dave. -Daniel
Johan
drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_debugfs.c b/drivers/gpu/drm/msm/msm_debugfs.c index 6be879578140..1c74381a4fc9 100644 --- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode *inode, struct file *file) struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu;
- int ret;
- ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex);
- if (ret)
return ret;
- mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);
-- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
linux-stable-mirror@lists.linaro.org
-
Daniel Vetter -
Johan Hovold -
Rob Clark -
Sean Paul