git.ipfire.org Git - people/ms/linux.git/commit

author	Michał Winiarski <michal.winiarski@intel.com>
	Tue, 3 Feb 2015 14:48:17 +0000 (15:48 +0100)
committer	Sasha Levin <sasha.levin@oracle.com>
	Sat, 14 Mar 2015 19:37:18 +0000 (15:37 -0400)
commit	5c8bf2b80c3d002b8fb5b76cd6f112da69fc0cc9
tree	acea73a7697092f20454891a137151a23da616fc	tree \| snapshot
parent	4182c01b2586909366f48bcd498b8ca1de196898	commit \| diff

drm/i915: Prevent use-after-free in invalidate_range_start callback

commit 460822b0b1a77db859b0320469799fa4dbe4d367 upstream.

It's possible for invalidate_range_start mmu notifier callback to race
against userptr object release. If the gem object was released prior to
obtaining the spinlock in invalidate_range_start we're hitting null
pointer dereference.

Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close
Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close-overlap
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Michał Winiarski <michal.winiarski@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
[Jani: added code comment suggested by Chris]
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>