Quoting Joonas Lahtinen (2019-01-07 08:56:56)
> Add err goto label and use it when VMA can't be established or changes
> underneath.
>
> Fixes: 1816f9236303 ("drm/i915: Support creation of unbound wc user mappings for objects")
Dubious. All it changes is one branch where the error is forced to
-ENOMEM.
> Reported-by: Adam Zabrocki <adamza@xxxxxxxxxxxxx>
> Signed-off-by: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # v4.0+
> Cc: Akash Goel <akash.goel@xxxxxxxxx>
> Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxxxxxxxx>
> Cc: Adam Zabrocki <adamza@xxxxxxxxxxxxx>
> ---
> drivers/gpu/drm/i915/i915_gem.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index f1d594a53978..97cbc0e27e3e 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -1738,6 +1738,9 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
> addr = vm_mmap(obj->base.filp, 0, args->size,
> PROT_READ | PROT_WRITE, MAP_SHARED,
> args->offset);
> + if (IS_ERR((void *)addr))
> + goto err;
> +
> if (args->flags & I915_MMAP_WC) {
> struct mm_struct *mm = current->mm;
> struct vm_area_struct *vma;
> @@ -1753,17 +1756,22 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
> else
> addr = -ENOMEM;
> up_write(&mm->mmap_sem);
> + if (IS_ERR((void *)addr))
> + goto err;
The issue still remains that we are returning having called vm_mmap and
leaving the vma intact. And we've established above that calling
vm_munmap() is a race.
-Chris
