]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 843f10c)
drm/i915/gt: Empty uabi engines list during intel_engines_release()
authorKrzysztof Niemiec <krzysztof.niemiec@intel.com>
Thu, 1 Aug 2024 15:40:48 +0000 (17:40 +0200)
committerAndi Shyti <andi.shyti@linux.intel.com>
Mon, 5 Aug 2024 22:10:46 +0000 (23:10 +0100)
While the uabi_engines_llist is populated in intel_engines_init() during
driver load, the corresponding function intel_engines_release() does not
correctly get rid of it. This can lead to a UAF if, after failed
initialization (for example when gt is set wedged on init), we try to
access the engines.

Suggested-by: Chris Wilson <chris.p.wilson@linux.intel.com>
Signed-off-by: Krzysztof Niemiec <krzysztof.niemiec@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240801154047.115176-2-krzysztof.niemiec@intel.com
drivers/gpu/drm/i915/gt/intel_engine_cs.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/i915/gt/intel_engine_cs.c b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
index 3b740ca2500091a36e1e1ccf3fa4f2f93dac5f57..4d30a86016f2412d9fd99551596f4e4aad4c697e 100644 (file)
--- a/drivers/gpu/drm/i915/gt/intel_engine_cs.c
+++ b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
@@ -693,6 +693,8 @@ void intel_engines_release(struct intel_gt *gt)
 
                memset(&engine->reset, 0, sizeof(engine->reset));
        }
+
+       llist_del_all(&gt->i915->uabi_engines_llist);
 }
 
 void intel_engine_free_request_pool(struct intel_engine_cs *engine)
A mirror of Linus' kernel repository