Commit 0e916da8 authored by Rob Clark's avatar Rob Clark Committed by sanglipeng
Browse files

dma-buf/sw_sync: Avoid recursive lock during fence signal 

stable inclusion
from stable-v5.10.193
commit 0df5eaab03ed6370b2e348ce77f79191162c8496
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9399M

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0df5eaab03ed6370b2e348ce77f79191162c8496

--------------------------------

[ Upstream commit e531fdb5 ]

If a signal callback releases the sw_sync fence, that will trigger a
deadlock as the timeline_fence_release recurses onto the fence->lock
(used both for signaling and the the timeline tree).

To avoid that, temporarily hold an extra reference to the signalled
fences until after we drop the lock.

(This is an alternative implementation of https://patchwork.kernel.org/patch/11664717/


which avoids some potential UAF issues with the original patch.)

v2: Remove now obsolete comment, use list_move_tail() and
    list_del_init()

Reported-by: default avatarBas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Fixes: d3c6dd1f ("dma-buf/sw_sync: Synchronize signal vs syncpt free")
Signed-off-by: default avatarRob Clark <robdclark@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230818145939.39697-1-robdclark@gmail.com


Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
Signed-off-by: default avatarChristian König <christian.koenig@amd.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent e198fe17
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment