kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   7df24046a1510e64670d278fbacd785c50635908
  2.   patches.suse
  3.   1256-drm-Mark-up-racy-check-of-drm_gem_object.handle_coun.patch
Blob Blame History Raw 
From acb60f4b5384fe33db5e1df68c1694d475d697c3 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon, 9 Mar 2020 12:01:51 +0000
Subject: drm: Mark up racy check of drm_gem_object.handle_count
Git-commit: 6afe6929964bca6847986d0507a555a041f07753
Patch-mainline: v5.7-rc1
References: jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322

[ 1715.899800] BUG: KCSAN: data-race in drm_gem_handle_create_tail / drm_gem_object_handle_put_unlocked
[ 1715.899838]
[ 1715.899861] write to 0xffff8881830f3604 of 4 bytes by task 7834 on cpu 1:
[ 1715.899896]  drm_gem_handle_create_tail+0x62/0x250
[ 1715.899927]  drm_gem_open_ioctl+0xc1/0x160
[ 1715.899956]  drm_ioctl_kernel+0xe4/0x120
[ 1715.899981]  drm_ioctl+0x297/0x4c7
[ 1715.900003]  ksys_ioctl+0x89/0xb0
[ 1715.900027]  __x64_sys_ioctl+0x42/0x60
[ 1715.900052]  do_syscall_64+0x6e/0x2c0
[ 1715.900079]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1715.900100]
[ 1715.900119] read to 0xffff8881830f3604 of 4 bytes by task 8137 on cpu 0:
[ 1715.900149]  drm_gem_object_handle_put_unlocked+0x31/0x130
[ 1715.900180]  drm_gem_object_release_handle+0x93/0xe0
[ 1715.900208]  drm_gem_handle_delete+0x7b/0xe0
[ 1715.900235]  drm_gem_close_ioctl+0x61/0x80
[ 1715.900264]  drm_ioctl_kernel+0xe4/0x120
[ 1715.900291]  drm_ioctl+0x297/0x4c7
[ 1715.900316]  ksys_ioctl+0x89/0xb0
[ 1715.900340]  __x64_sys_ioctl+0x42/0x60
[ 1715.900363]  do_syscall_64+0x6e/0x2c0
[ 1715.900388]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20200309120151.7675-1-chris@chris-wilson.co.uk
Signed-off-by: Patrik Jakobsson <pjakobsson@suse.de>
---
 drivers/gpu/drm/drm_gem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
index a9e4a610445a..37627d06fb06 100644
--- a/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -218,7 +218,7 @@ drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj)
 	struct drm_device *dev = obj->dev;
 	bool final = false;
 
-	if (WARN_ON(obj->handle_count == 0))
+	if (WARN_ON(READ_ONCE(obj->handle_count) == 0))
 		return;
 
 	/*
-- 
2.28.0
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.