Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp1982428pxx;
        Sat, 31 Oct 2020 04:47:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw7rxszUiocivdUCHz++XbTGbMOX7jib0BDf4EPAtFzwYLVsUa2ztTFDBD8cV2OqPM0QKaN
X-Received: by 2002:a17:906:c41:: with SMTP id t1mr780439ejf.19.1604144827174;
        Sat, 31 Oct 2020 04:47:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1604144827; cv=none;
        d=google.com; s=arc-20160816;
        b=k84BDG5tEEsj3OdfTjrEo7T8qiZvY0HzE3J/L1Q524HND4TYoyYzpx8kat5UmGhxGW
         dRsBCIg/Wa5Rm7kerAh97ZD5iKkXYplHTbYK7kO7WhdvITD5fAqCZHuR1NN6IDYLyEYR
         oRCFqmqlH5fz/gaSr7dCiw6OM3UbG/6kft11xrZ3wjKU7TGxbWzL+UEbswp/6V4gvqJe
         3CCanVvE9UdADMmjkCxfNbQH/pPH2e2EZEyBH1ZdwUh4tpHlJcg+em7o4kvH0cepe7cX
         PboYYpKsBoDcN+ctfwp04aiLCzScxd3MbtiBq1hFbcgzQy4dMDJsPJfWTMhPHdDxU2Ae
         sCZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=L3/LXcR0gg+NQRpLm69A7VEVXUx6TsnYZZmOfATxf8w=;
        b=LFIOLNwpuLoBdOa5nhUW6REL3nuc/HXaL8oUyVUAJcLwY+9zGm4SoGy7TZNhG2JqVZ
         Ff0oxrotsk6kPxEiO0PPvzZP5vWuIbJRUjIER+LSIKTVjRMw9pDet4dEMHgGx2fmTUas
         HyMODxB+/ysR0cqRAhcI8NdXP0FPoecoeeEoW9atLC+C13+eKsgMWgT7+aMEHIO8z2Vr
         bxF4AmM2YZ8iswFDvWnxx52qFGgG7vYR2eSgIvWRgJAasCNdvEODgr5cYj7LHk7a5gf7
         P7rY96bTtWOzzFlJst2WSDJTEkcy1QDaz/K9+RSDJMNJe0WAJ0T0xvcHDSgLnWdzmIa7
         flig==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=SuY1Pw6t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f5si5698337ejd.623.2020.10.31.04.46.44;
        Sat, 31 Oct 2020 04:47:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=SuY1Pw6t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727881AbgJaLmf (ORCPT <rfc822;zcyberian@gmail.com> + 99 others);
        Sat, 31 Oct 2020 07:42:35 -0400
Received: from mail.kernel.org ([198.145.29.99]:42126 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727865AbgJaLmc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 31 Oct 2020 07:42:32 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 14514205F4;
        Sat, 31 Oct 2020 11:42:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1604144551;
        bh=hBXHsYZ6myK5Hnhs1bJ2kqbSzt3r4kUKTX4lwf4DFIM=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=SuY1Pw6tugFlcoHoCa3LEttZqmsQ3HJTtUpZDtGRM+6N/KhHlQ7h+e4ArpV6zV55o
         UuyVSguxckXNO+5c6qypnvu2podq4K1EhZKJUOQXG2SBKQirBE/kYt+L6DWSWHQFrY
         Sap8SP5R7/8crZ8AiCGd49CH3x+gPAZtgDlqGWIs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Chris Wilson <chris@chris-wilson.co.uk>,
        CQ Tang <cq.tang@intel.com>,
        Daniel Vetter <daniel.vetter@intel.com>,
        Tvrtko Ursulin <tvrtko.ursulin@intel.com>,
        Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: [PATCH 5.8 62/70] drm/i915/gem: Serialise debugfs i915_gem_objects with ctx->mutex
Date:   Sat, 31 Oct 2020 12:36:34 +0100
Message-Id: <20201031113502.462944295@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201031113459.481803250@linuxfoundation.org>
References: <20201031113459.481803250@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chris Wilson <chris@chris-wilson.co.uk>

commit 4fe9af8e881d946bf60790eeb37a7c4f96e28382 upstream.

Since the debugfs may peek into the GEM contexts as the corresponding
client/fd is being closed, we may try and follow a dangling pointer.
However, the context closure itself is serialised with the ctx->mutex,
so if we hold that mutex as we inspect the state coupled in the context,
we know the pointers within the context are stable and will remain valid
as we inspect their tables.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: CQ Tang <cq.tang@intel.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: stable@vger.kernel.org
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200723172119.17649-3-chris@chris-wilson.co.uk
(cherry picked from commit 102f5aa491f262c818e607fc4fee08a724a76c69)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/i915_debugfs.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/i915/i915_debugfs.c
+++ b/drivers/gpu/drm/i915/i915_debugfs.c
@@ -323,6 +323,7 @@ static void print_context_stats(struct s
 		}
 		i915_gem_context_unlock_engines(ctx);
 
+		mutex_lock(&ctx->mutex);
 		if (!IS_ERR_OR_NULL(ctx->file_priv)) {
 			struct file_stats stats = {
 				.vm = rcu_access_pointer(ctx->vm),
@@ -343,6 +344,7 @@ static void print_context_stats(struct s
 
 			print_file_stats(m, name, stats);
 		}
+		mutex_unlock(&ctx->mutex);
 
 		spin_lock(&i915->gem.contexts.lock);
 		list_safe_reset_next(ctx, cn, link);