
Commit 51841752 authored by Lucas Stach

etnaviv: fix gem object list corruption



All manipulations of the gem_object list need to be protected by
the list mutex, as GEM objects can be created and freed in parallel.
This fixes a kernel memory corruption.

CC: stable@vger.kernel.org
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
parent 5a642e6b
+3 −0
@@ -551,12 +551,15 @@ static const struct etnaviv_gem_ops etnaviv_gem_shmem_ops = {
void etnaviv_gem_free_object(struct drm_gem_object *obj)
{
	struct etnaviv_gem_object *etnaviv_obj = to_etnaviv_bo(obj);
	struct etnaviv_drm_private *priv = obj->dev->dev_private;
	struct etnaviv_vram_mapping *mapping, *tmp;

	/* object should not be active */
	WARN_ON(is_active(etnaviv_obj));

	mutex_lock(&priv->gem_lock);
	list_del(&etnaviv_obj->gem_node);
	mutex_unlock(&priv->gem_lock);

	list_for_each_entry_safe(mapping, tmp, &etnaviv_obj->vram_list,
				 obj_node) {
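
Review bot: the mutex_lock(&priv->gem_lock) / mutex_unlock(&priv->gem_lock) pair around list_del(&etnaviv_obj->gem_node) in etnaviv_gem_free_object() covers only the removal side of the list, while the commit message says all manipulations of the gem_object list need the mutex. The message should name the path that adds gem_node to the list and confirm it takes the same gem_lock, since that side is not visible in this diff. Because a mutex can sleep and is not recursive, please also state that nothing reaches this free path with gem_lock already held or from atomic context. With CC: stable set, a Fixes: tag naming the commit that introduced the problem would help backporting.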