| Message ID | 20250123225325.3271764-6-adrian.larumbe@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/panthor: Display size of internal kernel BOs through fdinfo | expand |
On Thu, 23 Jan 2025 22:53:02 +0000 Adrián Larumbe <adrian.larumbe@collabora.com> wrote: > Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed to > protect access to groups with an xarray lock, which could lead to > use-after-free errors. > > Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com> > Fixes: e16635d88fa0 ("drm/panthor: add DRM fdinfo support") Nice catch! Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com> > --- > drivers/gpu/drm/panthor/panthor_sched.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c > index e6c08a694e41..1d283b4bab86 100644 > --- a/drivers/gpu/drm/panthor/panthor_sched.c > +++ b/drivers/gpu/drm/panthor/panthor_sched.c > @@ -2865,6 +2865,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) > if (IS_ERR_OR_NULL(gpool)) > return; > > + xa_lock(&gpool->xa); > xa_for_each(&gpool->xa, i, group) { > mutex_lock(&group->fdinfo.lock); > pfile->stats.cycles += group->fdinfo.data.cycles; > @@ -2873,6 +2874,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) > group->fdinfo.data.time = 0; > mutex_unlock(&group->fdinfo.lock); > } > + xa_unlock(&gpool->xa); > } > > static void group_sync_upd_work(struct work_struct *work)
On 23/01/2025 22:53, Adrián Larumbe wrote: > Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed to > protect access to groups with an xarray lock, which could lead to > use-after-free errors. > > Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com> > Fixes: e16635d88fa0 ("drm/panthor: add DRM fdinfo support") Reviewed-by: Steven Price <steven.price@arm.com> > --- > drivers/gpu/drm/panthor/panthor_sched.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c > index e6c08a694e41..1d283b4bab86 100644 > --- a/drivers/gpu/drm/panthor/panthor_sched.c > +++ b/drivers/gpu/drm/panthor/panthor_sched.c > @@ -2865,6 +2865,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) > if (IS_ERR_OR_NULL(gpool)) > return; > > + xa_lock(&gpool->xa); > xa_for_each(&gpool->xa, i, group) { > mutex_lock(&group->fdinfo.lock); > pfile->stats.cycles += group->fdinfo.data.cycles; > @@ -2873,6 +2874,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) > group->fdinfo.data.time = 0; > mutex_unlock(&group->fdinfo.lock); > } > + xa_unlock(&gpool->xa); > } > > static void group_sync_upd_work(struct work_struct *work)
diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index e6c08a694e41..1d283b4bab86 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -2865,6 +2865,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) if (IS_ERR_OR_NULL(gpool)) return; + xa_lock(&gpool->xa); xa_for_each(&gpool->xa, i, group) { mutex_lock(&group->fdinfo.lock); pfile->stats.cycles += group->fdinfo.data.cycles; @@ -2873,6 +2874,7 @@ void panthor_fdinfo_gather_group_samples(struct panthor_file *pfile) group->fdinfo.data.time = 0; mutex_unlock(&group->fdinfo.lock); } + xa_unlock(&gpool->xa); } static void group_sync_upd_work(struct work_struct *work)
Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed to protect access to groups with an xarray lock, which could lead to use-after-free errors. Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com> Fixes: e16635d88fa0 ("drm/panthor: add DRM fdinfo support") --- drivers/gpu/drm/panthor/panthor_sched.c | 2 ++ 1 file changed, 2 insertions(+)