drm: Remove "protection" around drm_vma_offset_manager_destroy()
authorChris Wilson <chris@chris-wilson.co.uk>
Mon, 3 Sep 2018 09:31:55 +0000 (10:31 +0100)
committerChris Wilson <chris@chris-wilson.co.uk>
Tue, 4 Sep 2018 18:00:32 +0000 (19:00 +0100)
Using a spinlock to serialize the destroy function, within the destroy
function itself does not prevent the buggy driver from shooting
themselves in the foot - either way they still have a use-after-free
issue.

Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Liviu Dudau <Liviu.Dudau@arm.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20180903093155.3825-1-chris@chris-wilson.co.uk
drivers/gpu/drm/drm_vma_manager.c

index a6b2fe36b025228cbcd0be546ce110e80bba7e39..c5d0d23583015fd94aafb9d9ee10b9ea263c5e7c 100644 (file)
@@ -103,10 +103,7 @@ EXPORT_SYMBOL(drm_vma_offset_manager_init);
  */
 void drm_vma_offset_manager_destroy(struct drm_vma_offset_manager *mgr)
 {
-       /* take the lock to protect against buggy drivers */
-       write_lock(&mgr->vm_lock);
        drm_mm_takedown(&mgr->vm_addr_space_mm);
-       write_unlock(&mgr->vm_lock);
 }
 EXPORT_SYMBOL(drm_vma_offset_manager_destroy);