linux-arm-msm.vger.kernel.org archive mirror
* [PATCH 0/2] accel/qaic fixes for 6.4 part 2
@ 2023-06-02 21:04 Jeffrey Hugo
  2023-06-02 21:04 ` [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex Jeffrey Hugo
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
  To: dri-devel
  Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
	quic_ajitpals, linux-arm-msm, linux-kernel, Jeffrey Hugo

Two additional fixes for corner cases found during development when
buggy userspace or firmware ends up subjecting the KMD to error
scenarios.

Carl Vanderlip (1):
  accel/qaic: Free user handle on interrupted mutex

Jeffrey Hugo (1):
  accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()

 drivers/accel/qaic/qaic_drv.c | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.40.1



* [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex
  2023-06-02 21:04 [PATCH 0/2] accel/qaic fixes for 6.4 part 2 Jeffrey Hugo
@ 2023-06-02 21:04 ` Jeffrey Hugo
  2023-06-02 21:04 ` [PATCH 2/2] accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device() Jeffrey Hugo
  2023-06-09 17:20 ` [PATCH 0/2] accel/qaic fixes for 6.4 part 2 Jeffrey Hugo
  2 siblings, 0 replies; 4+ messages in thread
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
  To: dri-devel
  Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
	quic_ajitpals, linux-arm-msm, linux-kernel,
	Pranjal Ramajor Asha Kanojiya, Jeffrey Hugo

From: Carl Vanderlip <quic_carlv@quicinc.com>

After user handle is allocated, if mutex is interrupted, we do not free
the user handle and return an error. Kref had been initialized, but not
added to users list, so device teardown would also not call free_usr.

Fixes: c501ca23a6a3 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
---
 drivers/accel/qaic/qaic_drv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
index 2d0828db28d8..961cd341b414 100644
--- a/drivers/accel/qaic/qaic_drv.c
+++ b/drivers/accel/qaic/qaic_drv.c
@@ -97,6 +97,7 @@ static int qaic_open(struct drm_device *dev, struct drm_file *file)
 
 cleanup_usr:
 	cleanup_srcu_struct(&usr->qddev_lock);
+	ida_free(&qaic_usrs, usr->handle);
 free_usr:
 	kfree(usr);
 dev_unlock:
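
Review bot: the new ida_free() sits under cleanup_usr and above free_usr, so any error path that jumps straight to free_usr still skips it. Please confirm that the only goto free_usr is the one taken when the handle allocation itself fails; if any later failure also lands on free_usr, the handle leaks there just as it did before this change. The commit message notes that the kref was already initialized at this point, so it would also help to say there that releasing with kfree(usr) instead of a kref put is intentional because the user was never added to the users list.
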
-- 
2.40.1



* [PATCH 2/2] accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()
  2023-06-02 21:04 [PATCH 0/2] accel/qaic fixes for 6.4 part 2 Jeffrey Hugo
  2023-06-02 21:04 ` [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex Jeffrey Hugo
@ 2023-06-02 21:04 ` Jeffrey Hugo
  2023-06-09 17:20 ` [PATCH 0/2] accel/qaic fixes for 6.4 part 2 Jeffrey Hugo
  2 siblings, 0 replies; 4+ messages in thread
From: Jeffrey Hugo @ 2023-06-02 21:04 UTC (permalink / raw)
  To: dri-devel
  Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
	quic_ajitpals, linux-arm-msm, linux-kernel, Jeffrey Hugo,
	Pranjal Ramajor Asha Kanojiya

If qaic_destroy_drm_device() is called before the device has fully
initialized it will cause a NULL pointer dereference as the drm device
has not yet been created. Fix this with a NULL check.

Fixes: c501ca23a6a3 ("accel/qaic: Add uapi and core driver file")
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com>
---
 drivers/accel/qaic/qaic_drv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c
index 961cd341b414..b5ba550a0c04 100644
--- a/drivers/accel/qaic/qaic_drv.c
+++ b/drivers/accel/qaic/qaic_drv.c
@@ -225,6 +225,9 @@ static void qaic_destroy_drm_device(struct qaic_device *qdev, s32 partition_id)
 	struct qaic_user *usr;
 
 	qddev = qdev->qddev;
+	qdev->qddev = NULL;
+	if (!qddev)
+		return;
 
 	/*
 	 * Existing users get unresolvable errors till they close FDs.
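
Review bot: the added "qdev->qddev = NULL;" is a second behaviour change that the commit message does not mention, since it only describes the NULL check. Clearing the pointer makes a repeated call a no-op, which is worth stating, but the read of qdev->qddev and the store of NULL are not under any lock in the visible lines, so two callers racing here could both observe a non-NULL qddev and both proceed to teardown. Please document what serialises callers of qaic_destroy_drm_device(), or take the relevant lock around the read and clear. For readability, consider doing the "if (!qddev) return;" check before the store, because storing NULL over an already NULL pointer is redundant.
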
-- 
2.40.1



* Re: [PATCH 0/2] accel/qaic fixes for 6.4 part 2
  2023-06-02 21:04 [PATCH 0/2] accel/qaic fixes for 6.4 part 2 Jeffrey Hugo
  2023-06-02 21:04 ` [PATCH 1/2] accel/qaic: Free user handle on interrupted mutex Jeffrey Hugo
  2023-06-02 21:04 ` [PATCH 2/2] accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device() Jeffrey Hugo
@ 2023-06-09 17:20 ` Jeffrey Hugo
  2 siblings, 0 replies; 4+ messages in thread
From: Jeffrey Hugo @ 2023-06-09 17:20 UTC (permalink / raw)
  To: dri-devel
  Cc: ogabbay, jacek.lawrynowicz, stanislaw.gruszka, quic_carlv,
	quic_ajitpals, linux-arm-msm, linux-kernel

On 6/2/2023 3:04 PM, Jeffrey Hugo wrote:
> Two additional fixes for corner cases found during development when
> buggy userspace or firmware ends up subjecting the KMD to error
> scenarios.
> 
> Carl Vanderlip (1):
>    accel/qaic: Free user handle on interrupted mutex
> 
> Jeffrey Hugo (1):
>    accel/qaic: Fix NULL pointer deref in qaic_destroy_drm_device()
> 
>   drivers/accel/qaic/qaic_drv.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

Pushed to drm-misc-fixes
