Re: [PATCH 2/2 RESEND] drm/vc4: Fix OOPSes from trying to cache a partially constructed BO.

From: Boris Brezillon
Date: Thu Mar 02 2017 - 03:51:46 EST


On Wed, 1 Mar 2017 10:56:02 -0800
Eric Anholt <eric@xxxxxxxxxx> wrote:

> If a CMA allocation failed, the partially constructed BO would be
> unreferenced through the normal path, and we might choose to put it in
> the BO cache. If we then reused it before it expired from the cache,
> the kernel would OOPS.
>
> Signed-off-by: Eric Anholt <eric@xxxxxxxxxx>
> Fixes: c826a6e10644 ("drm/vc4: Add a BO cache.")

Reviewed-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxxxxxxx>

> ---
> drivers/gpu/drm/vc4/vc4_bo.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
> index e5c7aa935b4b..af29432a6471 100644
> --- a/drivers/gpu/drm/vc4/vc4_bo.c
> +++ b/drivers/gpu/drm/vc4/vc4_bo.c
> @@ -317,6 +317,14 @@ void vc4_free_object(struct drm_gem_object *gem_bo)
> goto out;
> }
>
> + /* If this object was partially constructed but CMA allocation
> + * had failed, just free it.
> + */
> + if (!bo->base.vaddr) {
> + vc4_bo_destroy(bo);
> + goto out;
> + }
> +
> cache_list = vc4_get_cache_list_for_size(dev, gem_bo->size);
> if (!cache_list) {
> vc4_bo_destroy(bo);
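Review bot: the new `if (!bo->base.vaddr)` test in vc4_free_object() uses a NULL vaddr as the only marker of a failed CMA allocation, but the comment above it does not state that this is the invariant being relied on. Suggest rewording the comment to say so directly, for example "vaddr is NULL when the CMA allocation failed, so the BO must not go into the cache" ("had failed" also reads better as "failed"). A smaller style point: the body repeats the `vc4_bo_destroy(bo); goto out;` pair that the `!cache_list` branch just below also uses, so the two conditions could share one exit if the comment is kept next to the vaddr test.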