From: Johan Hovold johan@kernel.org
commit a64fc11b9a520c55ca34d82e5ca32274f49b6b15 upstream.
If a process is interrupted while accessing the "gpu" debugfs file and the drm device struct_mutex is contended, release() could return early and fail to free related resources.
Note that the return value from release() is ignored.
Fixes: 4f776f4511c7 ("drm/msm/gpu: Convert the GPU show function to use the GPU state") Cc: stable stable@vger.kernel.org # 4.18 Cc: Jordan Crouse jcrouse@codeaurora.org Cc: Rob Clark robdclark@gmail.com Reviewed-by: Rob Clark robdclark@gmail.com Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Sean Paul seanpaul@chromium.org Link: https://patchwork.freedesktop.org/patch/msgid/20191010131333.23635-2-johan@k... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/gpu/drm/msm/msm_debugfs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/gpu/drm/msm/msm_debugfs.c +++ b/drivers/gpu/drm/msm/msm_debugfs.c @@ -47,12 +47,8 @@ static int msm_gpu_release(struct inode struct msm_gpu_show_priv *show_priv = m->private; struct msm_drm_private *priv = show_priv->dev->dev_private; struct msm_gpu *gpu = priv->gpu; - int ret; - - ret = mutex_lock_interruptible(&show_priv->dev->struct_mutex); - if (ret) - return ret;
+ mutex_lock(&show_priv->dev->struct_mutex); gpu->funcs->gpu_state_put(show_priv->state); mutex_unlock(&show_priv->dev->struct_mutex);