git.baikalelectronics.ru Git - kernel.git/commit

author	Steven Price <steven.price@arm.com>
	Thu, 19 May 2022 15:20:03 +0000 (16:20 +0100)
committer	Steven Price <steven.price@arm.com>
	Wed, 25 May 2022 08:14:22 +0000 (09:14 +0100)
commit	743cd3379f8e7878520ef1931724b33cc9de1557
tree	f8d32ff533589db83c32342b913b5efde8f7eed2	tree \| snapshot
parent	62be1a3a59886412666801ecc523dc692713f369	commit \| diff

drm/panfrost: Job should reference MMU not file_priv

For a while now it's been allowed for a MMU context to outlive it's
corresponding panfrost_priv, however the job structure still references
panfrost_priv to get hold of the MMU context. If panfrost_priv has been
freed this is a use-after-free which I've been able to trigger resulting
in a splat.

To fix this, drop the reference to panfrost_priv in the job structure
and add a direct reference to the MMU structure which is what's actually
needed.

Fixes: 66d740d6052e ("drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv")
Signed-off-by: Steven Price <steven.price@arm.com>
Acked-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220519152003.81081-1-steven.price@arm.com

drivers/gpu/drm/panfrost/panfrost_drv.c		diff \| blob \| history
drivers/gpu/drm/panfrost/panfrost_job.c		diff \| blob \| history
drivers/gpu/drm/panfrost/panfrost_job.h		diff \| blob \| history