git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
	Thu, 18 Jul 2024 21:05:48 +0000 (14:05 -0700)
committer	Rodrigo Vivi <rodrigo.vivi@intel.com>
	Thu, 15 Aug 2024 13:44:22 +0000 (09:44 -0400)
commit	817c70e2ba278e9d5360833b1137ef8855ac1728
tree	ea93c843d9db798c99a1bb90b0821311edf8a4eb	tree
parent	6309f9b1fc4de2daa1293fe12a488d765e60507d	commit \| diff

drm/xe: Fix use after free when client stats are captured

xe_file_close triggers an asynchronous queue cleanup and then frees up
the xef object. Since queue cleanup flushes all pending jobs and the KMD
stores client usage stats into the xef object after jobs are flushed, we
see a use-after-free for the xef object. Resolve this by taking a
reference to xef from xe_exec_queue.

While at it, revert an earlier change that contained a partial work
around for this issue.

v2:
- Take a ref to xef even for the VM bind queue (Matt)
- Squash patches relevant to that fix and work around (Lucas)

v3: Fix typo (Lucas)

Fixes: ce62827bc294 ("drm/xe: Do not access xe file when updating exec queue run_ticks")
Fixes: 6109f24f87d7 ("drm/xe: Add helper to accumulate exec queue runtime")
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/issues/1908
Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240718210548.3580382-5-umesh.nerlige.ramappa@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
(cherry picked from commit 2149ded63079449b8dddf9da38392632f155e6b5)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

drivers/gpu/drm/xe/xe_drm_client.c		diff \| blob \| history
drivers/gpu/drm/xe/xe_exec_queue.c		diff \| blob \| history
drivers/gpu/drm/xe/xe_exec_queue_types.h		diff \| blob \| history