alistair23-linux

redonkable

drm/radeon: guard against calling an unpaired radeon_mn_unregister()

This check was accidently deleted in the below commit. There are cases
where the driver will call unregister even though it hasn't registered
anything.

 CPU 0 Unable to handle kernel paging request at virtual address 0000001c, epc == 808de6d4, ra == 804d32ec
 Call Trace:
 [<808de6d4>] mutex_lock+0x8/0x44
 [<804d32ec>] radeon_mn_unregister+0x3c/0xb0
 [<8041583c>] radeon_gem_object_free+0x18/0x2c
 [<803a451c>] drm_gem_object_release_handle+0x74/0xac
 [<803a45d0>] drm_gem_handle_delete+0x7c/0x128
 [<803a5bf4>] drm_ioctl_kernel+0xb0/0x108
 [<803a5e74>] drm_ioctl+0x200/0x3a8
 [<803e07b4>] radeon_drm_ioctl+0x54/0xc0
 [<801214dc>] do_vfs_ioctl+0x4e8/0x81c
 [<80121864>] ksys_ioctl+0x54/0xb0
 [<8001100c>] syscall_common+0x34/0x58

Link: https://lore.kernel.org/r/2fc7ef14-e89a-1f2d-381d-1c9b05da02d3@gmail.com
Fixes: 534e5f84b7 ("drm/radeon: use mmu_notifier_get/put for struct radeon_mn")
Reported-by: Petr Cvek <petrcvekcz@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>

alistair/sunxi64-5.4-dsi

Jason Gunthorpe

2019-09-02 03:01:03 -03:00

parent 6bdf3b0aee

commit f2bc09e951

1 changed files with 3 additions and 0 deletions

									
										3

drivers/gpu/drm/radeon/radeon_mn.c

										View File
									
				@ -234,6 +234,9 @@ void radeon_mn_unregister(struct radeon_bo *bo)

					struct radeon_mn *rmn = bo->mn;

					struct list_head *head;

					if (!rmn)

						return;

					mutex_lock(&rmn->lock);

					/* save the next list entry for later */

					head = bo->mn_list.next;

drm/radeon: guard against calling an unpaired radeon_mn_unregister()

3 drivers/gpu/drm/radeon/radeon_mn.c Unescape Escape View File

3

drivers/gpu/drm/radeon/radeon_mn.c

View File