git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Rob Clark <robdclark@chromium.org>
	Fri, 18 Aug 2023 14:59:38 +0000 (07:59 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 30 Aug 2023 14:35:16 +0000 (16:35 +0200)
commit	d527abdb0c42a4f11fb1e717626c1dcfd9b2eab3
tree	27d0a762cb74c2ab983ebfaf5484d965fe6a9425	tree
parent	a6a0e8e39435ede8f307070eb86b6ade50fa383e	commit \| diff

dma-buf/sw_sync: Avoid recursive lock during fence signal

[ Upstream commit e531fdb5cd5ee2564b7fe10c8a9219e2b2fac61e ]

If a signal callback releases the sw_sync fence, that will trigger a
deadlock as the timeline_fence_release recurses onto the fence->lock
(used both for signaling and the the timeline tree).

To avoid that, temporarily hold an extra reference to the signalled
fences until after we drop the lock.

(This is an alternative implementation of https://patchwork.kernel.org/patch/11664717/
which avoids some potential UAF issues with the original patch.)

v2: Remove now obsolete comment, use list_move_tail() and
list_del_init()

Reported-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Fixes: d3c6dd1fb30d ("dma-buf/sw_sync: Synchronize signal vs syncpt free")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230818145939.39697-1-robdclark@gmail.com
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>