gpu: host1x: Assign intr waiter inside lock

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Move the assignment of the ref out-pointer in host1x_intr_add_action
to happen within the spinlock. With the current arrangement,
it is possible for the waiter to complete before the assignment
has happened, which breaks horribly if the waiter completion
callback tries to use the reference.

In practice, there is currently no situation where this issue can
manifest -- it was first noticed with the upcoming DMA fence
implementation patches. As such this doesn't need to be backported.

Signed-off-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>

authored by

Mikko Perttunen and committed by

Thierry Reding 5 years ago 5a8d95d2 f5ba33fb

+3 -2

1 changed file

expand all

drivers

gpu

host1x

intr.c

+3 -2

drivers/gpu/host1x/intr.c

··· 235 235 host1x_hw_intr_enable_syncpt_intr(host, syncpt->id); 236 236 } 237 237 238 - spin_unlock(&syncpt->intr.lock); 239 - 240 238 if (ref) 241 239 *ref = waiter; 240 + 241 + spin_unlock(&syncpt->intr.lock); 242 + 242 243 return 0; 243 244 } 244 245