[PATCH 03/11] drm/panthor: Fix UAF on works queued to panthor_cleanup_wq

Next message: Peter Zijlstra: "Re: [PATCH 1/2] sched/core: Allow newidle for core-sched"
Previous message: Boris Brezillon: "[PATCH 05/11] drm/panthor: Fix theoretical IOMEM access in suspended state"
In reply to: Liviu Dudau: "Re: [PATCH 05/11] drm/panthor: Fix theoretical IOMEM access in suspended state"
Next in thread: Boris Brezillon: "Re: [PATCH 03/11] drm/panthor: Fix UAF on works queued to panthor_cleanup_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Boris Brezillon

Date: Thu Jun 25 2026 - 08:41:48 EST

If we don't drain the panthor_cleanup_wq before
unregistering/destroying the panthor_device, we might end up with
cleanup works that are executed after the device is gone.

Add a drain_workqueue() call in panthor_device_unplug() to prevent
that.

Fixes: de8548813824 ("drm/panthor: Add the scheduler logical block")
Fixes: 647810ec2476 ("drm/panthor: Add the MMU/VM logical block")
Reported-by: sashiko-bot@xxxxxxxxxx
Closes: https://sashiko.dev/#/patchset/20260625-panthor-signal-from-irq-v5-0-8836a74e0ef9@xxxxxxxxxxxxx?part=2
Signed-off-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>
---
drivers/gpu/drm/panthor/panthor_device.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/panthor/panthor_device.c b/drivers/gpu/drm/panthor/panthor_device.c
index 0b25abebb803..a0774e28aa94 100644
--- a/drivers/gpu/drm/panthor/panthor_device.c
+++ b/drivers/gpu/drm/panthor/panthor_device.c
@@ -101,6 +101,11 @@ void panthor_device_unplug(struct panthor_device *ptdev)
panthor_gpu_unplug(ptdev);
panthor_pwr_unplug(ptdev);

+ /* Make sure works queued to panthor_cleanup_wq are executed
+ * before the device is destroyed.
+ */
+ drain_workqueue(panthor_cleanup_wq);
+
pm_runtime_dont_use_autosuspend(ptdev->base.dev);
pm_runtime_put_sync_suspend(ptdev->base.dev);

--
2.54.0