disp: msm: sde: avoid use after free in msm_lastclose

This change sets kms in msm_drm_private to NULL during
msm_drm_unbind as this can be accessed from msm_lastclose
during msm_pdev_shutdown concurrently.

Change-Id: Ic44f5cf88a96c970903f2c7d3c5b627e22b411fc
Signed-off-by: Jayaprakash Madisetty <quic_jmadiset@quicinc.com>
Jayaprakash Madisetty
2021-12-14 16:22:16 +05:30
Parent 55288db46f
révision eea04d1a31


@@ -1,4 +1,5 @@
/*
* Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
* Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
* Copyright (C) 2013 Red Hat
* Author: Rob Clark <robdclark@gmail.com>
@@ -430,8 +431,10 @@ static int msm_drm_uninit(struct device *dev)
drm_atomic_helper_shutdown(ddev);
drm_irq_uninstall(ddev);
if (kms && kms->funcs)
if (kms && kms->funcs) {
kms->funcs->destroy(kms);
priv->kms = NULL;
}
if (priv->vram.paddr) {
unsigned long attrs = DMA_ATTR_NO_KERNEL_MAPPING;
@@ -1006,12 +1009,14 @@ static void msm_postclose(struct drm_device *dev, struct drm_file *file)
static void msm_lastclose(struct drm_device *dev)
{
struct msm_drm_private *priv = dev->dev_private;
struct msm_kms *kms = priv->kms;
struct msm_kms *kms;
int i, rc;
if (!kms)
if (!priv || !priv->kms)
return;
kms = priv->kms;
/* check for splash status before triggering cleanup
* if we end up here with splash status ON i.e before first
* commit then ignore the last close call
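Review bot: In the msm_drm_uninit hunk `priv->kms = NULL` is stored only after `kms->funcs->destroy(kms)` returns, and nothing visible orders it against the `!priv->kms` check in msm_lastclose, so a close that passes the check while destroy is running still works on a kms that is being freed. Clearing the pointer first narrows that window: `priv->kms = NULL;` followed by `kms->funcs->destroy(kms);` through the local `kms`. msm_lastclose also reads `priv->kms` twice (the check, then `kms = priv->kms;`), so the second read can return NULL after the check passed; a single `kms = READ_ONCE(priv->kms); if (!kms) return;` avoids that. Neither change fully closes the race unless both paths hold a common lock or teardown waits for open files to drain; whether such serialisation exists is not visible here, since both function bodies continue outside the hunks.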