On 06/11/2024 12:14, Mihail Atanassov wrote:
Hi Liviu,
On 06/11/2024 12:07, Liviu Dudau wrote:
Similar to cac075706f29 ("drm/panthor: Fix race when converting
group handle to group object") we need to use the XArray's internal
locking when retrieving a pointer from there for heap and vm.
Reported-by: Jann Horn <jannh@xxxxxxxxxx>
Cc: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>
Cc: Steven Price <steven.price@xxxxxxx>
Signed-off-by: Liviu Dudau <liviu.dudau@xxxxxxx>
---
drivers/gpu/drm/panthor/panthor_heap.c | 15 +++++++++++++--
drivers/gpu/drm/panthor/panthor_mmu.c | 2 ++
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/
panthor/panthor_heap.c
index 3796a9eb22af2..fe0bcb6837f74 100644
--- a/drivers/gpu/drm/panthor/panthor_heap.c
+++ b/drivers/gpu/drm/panthor/panthor_heap.c
@@ -351,6 +351,17 @@ int panthor_heap_create(struct panthor_heap_pool
*pool,
return ret;
}
+static struct panthor_heap *panthor_heap_from_id(struct
pathor_heap_pool *pool, u32 id)
s/pathor/panthor/, but you already know that.
+{
+ struct panthor_heap *heap;
+
+ xa_lock(&pool->xa);
+ heap = xa_load(&pool->xa, id);
+ xa_unlock(&pool->va);
s/va/xa
+
+ return heap;
+}
+
/**
* panthor_heap_return_chunk() - Return an unused heap chunk
* @pool: The pool this heap belongs to.
@@ -375,7 +386,7 @@ int panthor_heap_return_chunk(struct
panthor_heap_pool *pool,
return -EINVAL;
down_read(&pool->lock);
- heap = xa_load(&pool->xa, heap_id);
+ heap = panthor_heap_from_id(pool, heap_id);
if (!heap) {
ret = -EINVAL;
goto out_unlock;
@@ -438,7 +449,7 @@ int panthor_heap_grow(struct panthor_heap_pool *pool,
return -EINVAL;
down_read(&pool->lock);
- heap = xa_load(&pool->xa, heap_id);
+ heap = panthor_heap_from_id(pool, heap_id);
if (!heap) {
ret = -EINVAL;
goto out_unlock;
diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/
panthor/panthor_mmu.c
index 8ca85526491e6..8b5cda9d21768 100644
--- a/drivers/gpu/drm/panthor/panthor_mmu.c
+++ b/drivers/gpu/drm/panthor/panthor_mmu.c
@@ -1580,7 +1580,9 @@ panthor_vm_pool_get_vm(struct panthor_vm_pool
*pool, u32 handle)
{
struct panthor_vm *vm;
+ xa_lock(&pool->xa);
vm = panthor_vm_get(xa_load(&pool->xa, handle));
+ xa_unlock(&pool->va);
s/va/xa/
return vm;
}
Reviewed-by: Mihail Atanassov <mihail.atanassov@xxxxxxx>
Lesson learned for me -- at least build-test what you review :).
With the typos fixed up so this patch builds, I can't observe the race
in `panthor_vm_pool_get_vm` any more.
The other comments on this patch notwithstanding,
Tested-by: Mihail Atanassov <mihail.atanassov@xxxxxxx>
--
Mihail Atanassov <mihail.atanassov@xxxxxxx>
