From: Michał Winiarski <michal.winiarski@intel.com>
Date: Tue, 3 Feb 2015 14:48:17 +0000 (+0100)
Subject: drm/i915: Prevent use-after-free in invalidate_range_start callback
X-Git-Tag: omap-for-v4.1/prcm-dts-mfd-syscon-fix~75^2~3^2~8
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=460822b0b1a77db859b0320469799fa4dbe4d367;p=pandora-kernel.git

drm/i915: Prevent use-after-free in invalidate_range_start callback

It's possible for invalidate_range_start mmu notifier callback to race
against userptr object release. If the gem object was released prior to
obtaining the spinlock in invalidate_range_start we're hitting null
pointer dereference.

Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close
Testcase: igt/gem_userptr_blits/stress-mm-invalidate-close-overlap
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Michał Winiarski <michal.winiarski@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: stable@vger.kernel.org
[Jani: added code comment suggested by Chris]
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
---

Reading git-diff-tree failed