git.baikalelectronics.ru Git - kernel.git/commit

drm/sched: Fix drm_sched_fence_free() so it can be passed an uninitialized fence

drm_sched_job_cleanup() will pass an uninitialized fence to
drm_sched_fence_free(), which will cause to_drm_sched_fence() to return
a NULL fence object, causing a NULL pointer deref when this NULL object
is passed to kmem_cache_free().

Let's create a new drm_sched_fence_free() function that takes a
drm_sched_fence pointer and suffix the old function with _rcu. While at
it, complain if drm_sched_fence_free() is passed an initialized fence
or if drm_sched_fence_free_rcu() is passed an uninitialized fence.

Fixes: e88167adddf6 ("drm/sched: Split drm_sched_job_init")
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210903120554.444101-1-boris.brezillon@collabora.com

author	Boris Brezillon <boris.brezillon@collabora.com>
	Fri, 3 Sep 2021 12:05:54 +0000 (14:05 +0200)
committer	Boris Brezillon <boris.brezillon@collabora.com>
	Tue, 7 Sep 2021 07:58:26 +0000 (09:58 +0200)
commit	06e6078cc2d84fae292b4e68449ff89b93484f62
tree	018f5f404e035d49e67ed13829cd4b878555eaa4	tree \| snapshot
parent	92603bd8a6d317d2b82e502d92358597b6b32ad3	commit \| diff

drivers/gpu/drm/scheduler/sched_fence.c		diff \| blob \| history
drivers/gpu/drm/scheduler/sched_main.c		diff \| blob \| history
include/drm/gpu_scheduler.h		diff \| blob \| history