[PATCH 4.9 50/64] etnaviv: fix gem object list corruption

From: Greg Kroah-Hartman
Date: Tue Oct 03 2017 - 08:25:45 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Lucas Stach <l.stach@xxxxxxxxxxxxxx>

commit 518417525f3652c12fb5fad6da4ade66c0072fa3 upstream.

All manipulations of the gem_object list need to be protected by
the list mutex, as GEM objects can be created and freed in parallel.
This fixes a kernel memory corruption.

Signed-off-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 3 +++
1 file changed, 3 insertions(+)

--- a/drivers/gpu/drm/etnaviv/etnaviv_gem.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
@@ -549,12 +549,15 @@ static const struct etnaviv_gem_ops etna
void etnaviv_gem_free_object(struct drm_gem_object *obj)
{
struct etnaviv_gem_object *etnaviv_obj = to_etnaviv_bo(obj);
+ struct etnaviv_drm_private *priv = obj->dev->dev_private;
struct etnaviv_vram_mapping *mapping, *tmp;

/* object should not be active */
WARN_ON(is_active(etnaviv_obj));

+ mutex_lock(&priv->gem_lock);
list_del(&etnaviv_obj->gem_node);
+ mutex_unlock(&priv->gem_lock);

list_for_each_entry_safe(mapping, tmp, &etnaviv_obj->vram_list,
obj_node) {