| Message ID | 1584341983-11245-1-git-send-email-hqjagain@gmail.com |
|---|---|
| State | Not Applicable |
| Delegated to: | David Miller |
| Headers | show |
| Series | drm/lease: fix potential race in fill_object_idr | expand |
Sorry about sending to wrong maintainers. Please ignore it. I'll resend it. On Mon, Mar 16, 2020 at 2:59 PM Qiujun Huang <hqjagain@gmail.com> wrote: > > We should hold idr_mutex for idr_alloc. > > Signed-off-by: Qiujun Huang <hqjagain@gmail.com> > --- > drivers/gpu/drm/drm_lease.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c > index b481caf..427ee21 100644 > --- a/drivers/gpu/drm/drm_lease.c > +++ b/drivers/gpu/drm/drm_lease.c > @@ -418,6 +418,7 @@ static int fill_object_idr(struct drm_device *dev, > goto out_free_objects; > } > > + mutex_lock(&dev->mode_config.idr_mutex); > /* add their IDs to the lease request - taking into account > universal planes */ > for (o = 0; o < object_count; o++) { > @@ -437,7 +438,7 @@ static int fill_object_idr(struct drm_device *dev, > if (ret < 0) { > DRM_DEBUG_LEASE("Object %d cannot be inserted into leases (%d)\n", > object_id, ret); > - goto out_free_objects; > + goto out_unlock; > } > if (obj->type == DRM_MODE_OBJECT_CRTC && !universal_planes) { > struct drm_crtc *crtc = obj_to_crtc(obj); > @@ -445,20 +446,22 @@ static int fill_object_idr(struct drm_device *dev, > if (ret < 0) { > DRM_DEBUG_LEASE("Object primary plane %d cannot be inserted into leases (%d)\n", > object_id, ret); > - goto out_free_objects; > + goto out_unlock; > } > if (crtc->cursor) { > ret = idr_alloc(leases, &drm_lease_idr_object, crtc->cursor->base.id, crtc->cursor->base.id + 1, GFP_KERNEL); > if (ret < 0) { > DRM_DEBUG_LEASE("Object cursor plane %d cannot be inserted into leases (%d)\n", > object_id, ret); > - goto out_free_objects; > + goto out_unlock; > } > } > } > } > > ret = 0; > +out_unlock: > + mutex_unlock(&dev->mode_config.idr_mutex); > out_free_objects: > for (o = 0; o < object_count; o++) { > if (objects[o]) > -- > 1.8.3.1 >
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c index b481caf..427ee21 100644 --- a/drivers/gpu/drm/drm_lease.c +++ b/drivers/gpu/drm/drm_lease.c @@ -418,6 +418,7 @@ static int fill_object_idr(struct drm_device *dev, goto out_free_objects; } + mutex_lock(&dev->mode_config.idr_mutex); /* add their IDs to the lease request - taking into account universal planes */ for (o = 0; o < object_count; o++) { @@ -437,7 +438,7 @@ static int fill_object_idr(struct drm_device *dev, if (ret < 0) { DRM_DEBUG_LEASE("Object %d cannot be inserted into leases (%d)\n", object_id, ret); - goto out_free_objects; + goto out_unlock; } if (obj->type == DRM_MODE_OBJECT_CRTC && !universal_planes) { struct drm_crtc *crtc = obj_to_crtc(obj); @@ -445,20 +446,22 @@ static int fill_object_idr(struct drm_device *dev, if (ret < 0) { DRM_DEBUG_LEASE("Object primary plane %d cannot be inserted into leases (%d)\n", object_id, ret); - goto out_free_objects; + goto out_unlock; } if (crtc->cursor) { ret = idr_alloc(leases, &drm_lease_idr_object, crtc->cursor->base.id, crtc->cursor->base.id + 1, GFP_KERNEL); if (ret < 0) { DRM_DEBUG_LEASE("Object cursor plane %d cannot be inserted into leases (%d)\n", object_id, ret); - goto out_free_objects; + goto out_unlock; } } } } ret = 0; +out_unlock: + mutex_unlock(&dev->mode_config.idr_mutex); out_free_objects: for (o = 0; o < object_count; o++) { if (objects[o])
We should hold idr_mutex for idr_alloc. Signed-off-by: Qiujun Huang <hqjagain@gmail.com> --- drivers/gpu/drm/drm_lease.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)