disp: msm: sde: avoid use after free in msm_lastclose
This change sets kms in msm_drm_private to NULL during msm_drm_unbind as this can be accessed from msm_lastclose during msm_pdev_shutdown concurrently. Change-Id: Ic44f5cf88a96c970903f2c7d3c5b627e22b411fc Signed-off-by: Jayaprakash Madisetty <quic_jmadiset@quicinc.com>
Cette révision appartient à :
@@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
|
||||
* Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
|
||||
* Copyright (C) 2013 Red Hat
|
||||
* Author: Rob Clark <robdclark@gmail.com>
|
||||
@@ -430,8 +431,10 @@ static int msm_drm_uninit(struct device *dev)
|
||||
drm_atomic_helper_shutdown(ddev);
|
||||
drm_irq_uninstall(ddev);
|
||||
|
||||
if (kms && kms->funcs)
|
||||
if (kms && kms->funcs) {
|
||||
kms->funcs->destroy(kms);
|
||||
priv->kms = NULL;
|
||||
}
|
||||
|
||||
if (priv->vram.paddr) {
|
||||
unsigned long attrs = DMA_ATTR_NO_KERNEL_MAPPING;
|
||||
@@ -1006,12 +1009,14 @@ static void msm_postclose(struct drm_device *dev, struct drm_file *file)
|
||||
static void msm_lastclose(struct drm_device *dev)
|
||||
{
|
||||
struct msm_drm_private *priv = dev->dev_private;
|
||||
struct msm_kms *kms = priv->kms;
|
||||
struct msm_kms *kms;
|
||||
int i, rc;
|
||||
|
||||
if (!kms)
|
||||
if (!priv || !priv->kms)
|
||||
return;
|
||||
|
||||
kms = priv->kms;
|
||||
|
||||
/* check for splash status before triggering cleanup
|
||||
* if we end up here with splash status ON i.e before first
|
||||
* commit then ignore the last close call
|
||||
|
Référencer dans un nouveau ticket
Bloquer un utilisateur