Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3295098pxk;
        Mon, 21 Sep 2020 09:56:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwuPjP07mB5myNJOuNwEd1/Y02tlNBqnK5BFyjWNrY6yFFCfy5AJNth+RaXwWVRfzP6O06g
X-Received: by 2002:aa7:cb8f:: with SMTP id r15mr606260edt.356.1600707370301;
        Mon, 21 Sep 2020 09:56:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600707370; cv=none;
        d=google.com; s=arc-20160816;
        b=MjrYXylOsLU/UxEkXaXmndP1SBBeKouHBGbLlp1lNX+gMGyOBqA4u7MXKsKrnPHcmK
         T47ksRakbKPIJjHTbJoUkL1bKTlyy2WW+9mTFbCgXChJHdA/jI44cTtc/WRx/tPIPl//
         d5H7oaCyjc4eTKrW2HMR5SF/AUMzK4j5bogaymVomzhtjyI4l/zWbN4pct2KlSsqfzbl
         9ICUuwBI5uW2qBjHqU2Fnow6ppvGRLVeuPwbMSYpUm+ILBoo2bhze5rD5ULw/aubINzs
         QeLHiT0rKk4OUVlo92vLIU73hQzPWfQ7K87G0A/HbhZ5U1FSDzPNPayNrAEX9xE01HiS
         4bMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=OtRpVdMZpTZXpTKIPDNf5NieY+SxU+pxZ9A8xpNQ2Mo=;
        b=GtzerPPzmAzqczodfTXD15Y4fCCqtxJxQUWcJgpY+XqyabMk84U7nC3L/ne9Fwg8Y2
         yM8MwOXbl1YZ8m9Xw6MOXqBvFew/2YGaR5p1JTH20TzOPffyNutnmrj9tEDpRpJJG9DC
         OpVKLLtLgC5dGfmV9OSBYsC1l/nWD4eAdw6TJEagiYWUfeBQCIb21XOa5rxeD+ZiKqLA
         l7ZyrqpjX5bFSDaJrTq1T2TCsFnwRsn8gI9s/tRRuHgq4ow3cIu41CbuAKDERdtsCkFJ
         Znn/igL9Uq4q4Wr29RrkZ5vBncSiowqWRrZ+oPjCF8x7hbhtgFlS0EtPalqLktmXkcGa
         F6IQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=MJfoz3Ej;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id v1si6131963ejw.413.2020.09.21.09.55.46;
        Mon, 21 Sep 2020 09:56:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=MJfoz3Ej;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728455AbgIUQqG (ORCPT <rfc822;yxhlfx@gmail.com> + 99 others);
        Mon, 21 Sep 2020 12:46:06 -0400
Received: from mail.kernel.org ([198.145.29.99]:52156 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728429AbgIUQqE (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Sep 2020 12:46:04 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id EFFAD20874;
        Mon, 21 Sep 2020 16:46:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1600706763;
        bh=0J7lRRNkF0UwJRCCL6+ZqqjAfYmEsTy4Coh9mg2akVs=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=MJfoz3EjvZBT10VWOe1W+1Cn+Bgkn6S4SdcpYSps2YkiIx4DFHr3xbi4pp8Rsgaw9
         8xjsxmYdfq0tzNRqCS1sP1qJDDWg7znQv7emZRcZZq+ohvD455zwwBE8FJodN6Baki
         RiQMwVnlzhVaB2JxLAaPpEk+HM1o9E/g36aMq1rU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, CQ Tang <cq.tang@intel.com>,
        Chris Wilson <chris@chris-wilson.co.uk>,
        Tvrtko Ursulin <tvrtko.ursulin@intel.com>,
        Mika Kuoppala <mika.kuoppala@linux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@intel.com>,
        Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
        Jani Nikula <jani.nikula@intel.com>
Subject: [PATCH 5.8 084/118] drm/i915/gem: Delay tracking the GEM context until it is registered
Date:   Mon, 21 Sep 2020 18:28:16 +0200
Message-Id: <20200921162040.244816521@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200921162036.324813383@linuxfoundation.org>
References: <20200921162036.324813383@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chris Wilson <chris@chris-wilson.co.uk>

commit e7d95527f27a6d9edcffbd74eee38e5cb6b91785 upstream.

Avoid exposing a partially constructed context by deferring the
list_add() from the initial construction to the end of registration.
Otherwise, if we peek into the list of contexts from inside debugfs, we
may see the partially constructed context and chase down some dangling
incomplete pointers.

Reported-by: CQ Tang <cq.tang@intel.com>
Fixes: 3aa9945a528e ("drm/i915: Separate GEM context construction and registration to userspace")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: CQ Tang <cq.tang@intel.com>
Cc: <stable@vger.kernel.org> # v5.2+
Reviewed-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200730092856.23615-1-chris@chris-wilson.co.uk
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
(cherry picked from commit eb4dedae920a07c485328af3da2202ec5184fb17)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/gem/i915_gem_context.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

--- a/drivers/gpu/drm/i915/gem/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c
@@ -720,6 +720,7 @@ __create_context(struct drm_i915_private
 	ctx->i915 = i915;
 	ctx->sched.priority = I915_USER_PRIORITY(I915_PRIORITY_NORMAL);
 	mutex_init(&ctx->mutex);
+	INIT_LIST_HEAD(&ctx->link);
 
 	spin_lock_init(&ctx->stale.lock);
 	INIT_LIST_HEAD(&ctx->stale.engines);
@@ -746,10 +747,6 @@ __create_context(struct drm_i915_private
 	for (i = 0; i < ARRAY_SIZE(ctx->hang_timestamp); i++)
 		ctx->hang_timestamp[i] = jiffies - CONTEXT_FAST_HANG_JIFFIES;
 
-	spin_lock(&i915->gem.contexts.lock);
-	list_add_tail(&ctx->link, &i915->gem.contexts.list);
-	spin_unlock(&i915->gem.contexts.lock);
-
 	return ctx;
 
 err_free:
@@ -937,6 +934,7 @@ static int gem_context_register(struct i
 				struct drm_i915_file_private *fpriv,
 				u32 *id)
 {
+	struct drm_i915_private *i915 = ctx->i915;
 	struct i915_address_space *vm;
 	int ret;
 
@@ -955,8 +953,16 @@ static int gem_context_register(struct i
 	/* And finally expose ourselves to userspace via the idr */
 	ret = xa_alloc(&fpriv->context_xa, id, ctx, xa_limit_32b, GFP_KERNEL);
 	if (ret)
-		put_pid(fetch_and_zero(&ctx->pid));
+		goto err_pid;
+
+	spin_lock(&i915->gem.contexts.lock);
+	list_add_tail(&ctx->link, &i915->gem.contexts.list);
+	spin_unlock(&i915->gem.contexts.lock);
+
+	return 0;
 
+err_pid:
+	put_pid(fetch_and_zero(&ctx->pid));
 	return ret;
 }