From 5ddd6582cd7ba018b7527eed1777b7d83e6d9b62 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Mon, 3 Sep 2018 10:31:55 +0100 Subject: [PATCH] drm: Remove "protection" around drm_vma_offset_manager_destroy() Using a spinlock to serialize the destroy function, within the destroy function itself does not prevent the buggy driver from shooting themselves in the foot - either way they still have a use-after-free issue. Reported-by: Jia-Ju Bai Signed-off-by: Chris Wilson Cc: Davidlohr Bueso Cc: Liviu Dudau Cc: Daniel Vetter Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180903093155.3825-1-chris@chris-wilson.co.uk --- drivers/gpu/drm/drm_vma_manager.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/drm_vma_manager.c b/drivers/gpu/drm/drm_vma_manager.c index a6b2fe36b025..c5d0d2358301 100644 --- a/drivers/gpu/drm/drm_vma_manager.c +++ b/drivers/gpu/drm/drm_vma_manager.c @@ -103,10 +103,7 @@ EXPORT_SYMBOL(drm_vma_offset_manager_init); */ void drm_vma_offset_manager_destroy(struct drm_vma_offset_manager *mgr) { - /* take the lock to protect against buggy drivers */ - write_lock(&mgr->vm_lock); drm_mm_takedown(&mgr->vm_addr_space_mm); - write_unlock(&mgr->vm_lock); } EXPORT_SYMBOL(drm_vma_offset_manager_destroy); -- 2.30.2