* [PATCH 0/2] accel/qaic fixes for 6.4 part 2
@ 2023-06-02 21:04 Jeffrey Hugo
2023-06-02 21:04 ` [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex Jeffrey Hugo
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
To: dri-devel
Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
quic_ajitpals, linux-arm-msm, linux-kernel, Jeffrey Hugo
Two additional fixes for corner cases found during development when
buggy userspace or firmware ends up subjecting the KMD to error
scenarios.
Carl Vanderlip (1):
accel/qaic: Free user handle on interrupted mutex
Jeffrey Hugo (1):
accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()
drivers/accel/qaic/qaic_drv.c | 4 ++++
1 file changed, 4 insertions(+)
--
2.40.1
* [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
To: dri-devel
Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
quic_ajitpals, linux-arm-msm, linux-kernel,
Pranjal Ramajor Asha Kanojiya, Jeffrey Hugo
From: Carl Vanderlip <quic_carlv@quicinc.com>
After user handle is allocated, if mutex is interrupted, we do not free
the user handle and return an error. Kref had been initialized, but not
added to users list, so device teardown would also not call free_usr.
Fixes: c501ca23a6a3 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
---
drivers/accel/qaic/qaic_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
index 2d0828db28d8..961cd341b414 100644
--- a/drivers/accel/qaic/qaic_drv.c
+++ b/drivers/accel/qaic/qaic_drv.c
@@ -97,6 +97,7 @@ static int qaic_open(struct drm_device *dev, struct drm_file *file)
cleanup_usr:
cleanup_srcu_struct(&usr->qddev_lock);
+ ida_free(&qaic_usrs, usr->handle);
free_usr:
kfree(usr);
dev_unlock:
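Review bot: The new ida_free(&qaic_usrs, usr->handle) sits under cleanup_usr:, above free_usr:, so any error path that jumps straight to free_usr skips it. That is correct only if the sole goto free_usr is the failure of the handle allocation itself; if any other path can reach free_usr once usr->handle is valid, the handle still leaks. Consider saying in the commit message which gotos reach each label, or giving the handle release its own label between cleanup_usr and free_usr so the unwind order mirrors the setup order with one resource per label.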
--
2.40.1
* [PATCH 2/2] accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
To: dri-devel
Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
quic_ajitpals, linux-arm-msm, linux-kernel, Jeffrey Hugo,
Pranjal Ramajor Asha Kanojiya
If qaic_destroy_drm_device() is called before the device has fully
initialized it will cause a NULL pointer dereference as the drm device
has not yet been created. Fix this with a NULL check.
Fixes: c501ca23a6a3 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
---
drivers/accel/qaic/qaic_drv.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
index 961cd341b414..b5ba550a0c04 100644
--- a/drivers/accel/qaic/qaic_drv.c
+++ b/drivers/accel/qaic/qaic_drv.c
@@ -225,6 +225,9 @@ static void qaic_destroy_drm_device(struct qaic_device *qdev, s32 partition_id)
struct qaic_user *usr;
qddev = qdev->qddev;
+ qdev->qddev = NULL;
+ if (!qddev)
+ return;
/*
* Existing users get unresolvable errors till they close FDs.
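Review bot: The added "qdev->qddev = NULL;" goes beyond the commit message, which describes only a NULL check, and the read of qdev->qddev followed by the clear happens with no lock visible in this hunk. If qaic_destroy_drm_device() can be entered twice concurrently for the same qdev, both callers can read a non-NULL qddev before either clears it, and both then continue into teardown. Please document in the commit message why the pointer is cleared (presumably so a repeated call becomes a no-op) and which lock or calling context serializes callers; also confirm that other readers of qdev->qddev tolerate NULL, given the comment that existing users keep running until they close their FDs.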
--
2.40.1
* Re: [PATCH 0/2] accel/qaic fixes for 6.4 part 2
From: Jeffrey Hugo @ 2023-06-09 17:20 UTC (permalink / raw)
To: dri-devel
Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
quic_ajitpals, linux-arm-msm, linux-kernel
On 6/2/2023 3:04 PM, Jeffrey Hugo wrote:
> Two additional fixes for corner cases found during development when
> buggy userspace or firmware ends up subjecting the KMD to error
> scenarios.
>
> Carl Vanderlip (1):
> accel/qaic: Free user handle on interrupted mutex
>
> Jeffrey Hugo (1):
> accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()
>
> drivers/accel/qaic/qaic_drv.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
Pushed to drm-misc-fixes