review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Steven Price <steven.price@arm.com>
	Thu, 19 May 2022 15:20:03 +0000 (16:20 +0100)
committer	Steven Price <steven.price@arm.com>
	Wed, 25 May 2022 08:14:22 +0000 (09:14 +0100)
commit	6e516faf04317db2c46cbec4e3b78b4653a5b109
tree	f8d32ff533589db83c32342b913b5efde8f7eed2	tree \| snapshot
parent	edbc7960bef7fd71ef1e44d0df15b864784b14c8	commit \| diff

drm/panfrost: Job should reference MMU not file_priv

For a while now it's been allowed for a MMU context to outlive it's
corresponding panfrost_priv, however the job structure still references
panfrost_priv to get hold of the MMU context. If panfrost_priv has been
freed this is a use-after-free which I've been able to trigger resulting
in a splat.

To fix this, drop the reference to panfrost_priv in the job structure
and add a direct reference to the MMU structure which is what's actually
needed.

Fixes: 7fdc48cc63a3 ("drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv")
Signed-off-by: Steven Price <steven.price@arm.com>
Acked-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220519152003.81081-1-steven.price@arm.com

drivers/gpu/drm/panfrost/panfrost_drv.c		diff \| blob \| history
drivers/gpu/drm/panfrost/panfrost_job.c		diff \| blob \| history
drivers/gpu/drm/panfrost/panfrost_job.h		diff \| blob \| history