public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] drm: Add the mutex protection in drm_do_vm_fault.
@ 2013-10-11 15:47 Jun Chen
  2013-11-06  3:33 ` Dave Airlie
  0 siblings, 1 reply; 2+ messages in thread
From: Jun Chen @ 2013-10-11 15:47 UTC (permalink / raw)
  To: airlied, viro, airlied; +Cc: dri-devel, Linux Kernel, Jun Chen


There are no mutex protection for the dev->map_hash while calling
the drm_ht_find_item in the function drm_do_vm_fault. So try to
mutex firstly and then find the list for using to avoid this race
condition.

Signed-off-by: Chen Jun <jun.d.chen@intel.com>
---
 drivers/gpu/drm/drm_vm.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_vm.c b/drivers/gpu/drm/drm_vm.c
index b5c5af7..1d95221 100644
--- a/drivers/gpu/drm/drm_vm.c
+++ b/drivers/gpu/drm/drm_vm.c
@@ -107,8 +107,11 @@ static int drm_do_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 	if (!dev->agp || !dev->agp->cant_use_aperture)
 		goto vm_fault_error;
 
-	if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash))
+	mutex_lock(&dev->struct_mutex);
+	if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash)) {
+		mutex_unlock(&dev->struct_mutex);
 		goto vm_fault_error;
+	}
 
 	r_list = drm_hash_entry(hash, struct drm_map_list, hash);
 	map = r_list->map;
@@ -140,8 +143,10 @@ static int drm_do_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 				break;
 		}
 
-		if (&agpmem->head == &dev->agp->memory)
+		if (&agpmem->head == &dev->agp->memory) {
+			mutex_unlock(&dev->struct_mutex);
 			goto vm_fault_error;
+		}
 
 		/*
 		 * Get the page, inc the use count, and return it
@@ -151,6 +156,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 		get_page(page);
 		vmf->page = page;
 
+		mutex_unlock(&dev->struct_mutex);
 		DRM_DEBUG
 		    ("baddr = 0x%llx page = 0x%p, offset = 0x%llx, count=%d\n",
 		     (unsigned long long)baddr,
@@ -159,6 +165,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 		     page_count(page));
 		return 0;
 	}
+	mutex_unlock(&dev->struct_mutex);
 vm_fault_error:
 	return VM_FAULT_SIGBUS;	/* Disallow mremap */
 }
-- 
1.7.4.1




^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] drm: Add the mutex protection in drm_do_vm_fault.
  2013-10-11 15:47 [PATCH] drm: Add the mutex protection in drm_do_vm_fault Jun Chen
@ 2013-11-06  3:33 ` Dave Airlie
  0 siblings, 0 replies; 2+ messages in thread
From: Dave Airlie @ 2013-11-06  3:33 UTC (permalink / raw)
  To: Jun Chen; +Cc: Dave Airlie, Al Viro, Dave Airlie, dri-devel, Linux Kernel

On Sat, Oct 12, 2013 at 1:47 AM, Jun Chen <jun.d.chen@intel.com> wrote:
>
> There are no mutex protection for the dev->map_hash while calling
> the drm_ht_find_item in the function drm_do_vm_fault. So try to
> mutex firstly and then find the list for using to avoid this race
> condition.

Can I ask how or why you found this? from what I can see we really
shouldn't be executing this code on modern drivers.

this is the sort of thing I'd really like to have tested on real hw,
which means someone booting it on AGP using UMS drivers I think.

Dave.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-11-06  3:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-11 15:47 [PATCH] drm: Add the mutex protection in drm_do_vm_fault Jun Chen
2013-11-06  3:33 ` Dave Airlie

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox