From 0a5fdc0fc380328ee193a593240375b877c0f9d8 Mon Sep 17 00:00:00 2001 From: Jayaprakash Date: Tue, 20 Oct 2020 17:30:05 +0530 Subject: [PATCH] disp: msm: sde: increment refcount of dma_fence before access Add changes to increment refcount of dma_fence before accessing the input_fence structure in plane_state through debug_fs node and decrement once access is finished. This prevents the use after free issues when accessed through debug_fs node. Change-Id: I262336ce2b86a94d7662d834e8fd3509dadda1bd Signed-off-by: Jayaprakash --- msm/sde/sde_crtc.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/msm/sde/sde_crtc.c b/msm/sde/sde_crtc.c index 1b00997b98..f7d531d01c 100644 --- a/msm/sde/sde_crtc.c +++ b/msm/sde/sde_crtc.c @@ -6151,10 +6151,18 @@ static int _sde_debugfs_fence_status_show(struct seq_file *s, void *data) seq_printf(s, "plane:%u stage:%d\n", plane->base.id, pstate->stage); - fence = pstate->input_fence; - SDE_EVT32(DRMID(crtc), fence); - if (fence) - sde_fence_list_dump(fence, &s); + SDE_EVT32(DRMID(crtc), plane->base.id, pstate->input_fence); + if (pstate->input_fence) { + + rcu_read_lock(); + fence = dma_fence_get_rcu(pstate->input_fence); + rcu_read_unlock(); + + if (fence) { + sde_fence_list_dump(fence, &s); + dma_fence_put(fence); + } + } } /* Dump release fence info */