From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Anholt Subject: Re: [PATCH] drm: vc4: Fix race during binding Date: Fri, 06 Oct 2017 12:42:58 -0700 Message-ID: <87y3oo2hbx.fsf@anholt.net> References: <1507315383-8107-1-git-send-email-stefan.wahren@i2se.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1225788065==" Return-path: Received: from anholt.net (anholt.net [50.246.234.109]) by gabe.freedesktop.org (Postfix) with ESMTP id BB71289316 for ; Fri, 6 Oct 2017 19:43:01 +0000 (UTC) In-Reply-To: <1507315383-8107-1-git-send-email-stefan.wahren@i2se.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: David Airlie Cc: Stefan Wahren , dri-devel@lists.freedesktop.org List-Id: dri-devel@lists.freedesktop.org --===============1225788065== Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Stefan Wahren writes: > This fixes the race between vc4_overflow_mem_work and the init of the > job lock. Otherwise we could trigger a NULL pointer dereference > during VC4 binding. > > Link: https://github.com/anholt/linux/issues/114 > Signed-off-by: Stefan Wahren > Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.") > --- > drivers/gpu/drm/vc4/vc4_gem.c | 1 - > drivers/gpu/drm/vc4/vc4_irq.c | 1 + > 2 files changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c > index d0c6bfb..47d964f 100644 > --- a/drivers/gpu/drm/vc4/vc4_gem.c > +++ b/drivers/gpu/drm/vc4/vc4_gem.c > @@ -1088,7 +1088,6 @@ vc4_gem_init(struct drm_device *dev) > INIT_LIST_HEAD(&vc4->render_job_list); > INIT_LIST_HEAD(&vc4->job_done_list); > INIT_LIST_HEAD(&vc4->seqno_cb_list); > - spin_lock_init(&vc4->job_lock); >=20=20 > INIT_WORK(&vc4->hangcheck.reset_work, vc4_reset_work); > setup_timer(&vc4->hangcheck.timer, > diff --git a/drivers/gpu/drm/vc4/vc4_irq.c b/drivers/gpu/drm/vc4/vc4_irq.c > index 7d7af3a..d508d13 100644 > --- a/drivers/gpu/drm/vc4/vc4_irq.c > +++ b/drivers/gpu/drm/vc4/vc4_irq.c > @@ -195,6 +195,7 @@ vc4_irq_preinstall(struct drm_device *dev) > struct vc4_dev *vc4 =3D to_vc4_dev(dev); >=20=20 > init_waitqueue_head(&vc4->job_wait_queue); > + spin_lock_init(&vc4->job_lock); > INIT_WORK(&vc4->overflow_mem_work, vc4_overflow_mem_work); >=20=20 > /* Clear any pending interrupts someone might have left around Are you sure this is a fix? We don't attach the IRQ handler until V3D bind, and vc4_gem_init happens before component_bind_all(), right? --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/JuuFDWp9/ZkuCBXtdYpNtH8nugFAlnX3MIACgkQtdYpNtH8 nujY/A//ZyPFksjjZoCHQ1P5G3eA2m2gF8QaQoN/2dHz3beiYUdSiWZuQMFw4zRG zW7xLmLIphMcGOU2hnWaSe8GiIXe+/Un0RaMxwnzbaJRwXnOCeqmR1m45bsXdlWz VtVS7smYtsUX/ywYQbXBqAqfInTWwKJ00qK9WkTtBVzIHAd2gU0nJbi5P+aVTua0 Bkpl0cn+LMmFIKg00wTYNL2glTTFSXQxEtr8sQB03y6BFGPJ/fM3FG6d+dxttOwT kGl0eVYRVozRpZtfLPV5Ckz1Jz3zFhlOWmnIkSwGoSd8icfsGIUliTknYDiyxZHz V8hwL27Qhp47o7WixGBx260Ck6wuoog2etmKuTrCe5Uk/OianbQf5yOTr+6RrIH8 ionBOFRP4HVQBAUsho7ulHtNsW17BpBdeuBreMxnUFBYkC35CAtNB9SMRK1m6GzX dzl7CPFYTU/P0++/fYDJ9pZB0jrLhXIKgFeH/tLjW+SzMkDeZZmoxag7LU7K0bPt IBt2WIuLSNm/MW/RMIBW0Unn0qhcXPIq1JeKwPKt3TBuwIIMYG2sPFAT8RmDNerW H1DaXa5E8+x2azMyZ4kzuCXxqq+l4IkpGHYeViZ01CFz8jaZtYPJ607XHTkDV3BD 5bGFeV1RqZkrlOH8ADQO1z31g8T3Dh3AJilMoia7WluwKevnMys= =PkoP -----END PGP SIGNATURE----- --=-=-=-- --===============1225788065== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVs IG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlz dHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCg== --===============1225788065==--