[Intel-gfx] [PATCH 2/2] drm/i915: Only disable PMU on stop if not already closed

Stuart Summers stuart.summers at intel.com
Wed Aug 3 23:03:25 UTC 2022


There can be a race in the PMU process teardown vs the
time when the driver is unbound in which the user attempts
to stop the PMU process, but the actual data structure
in the kernel is no longer available. Avoid this use-after-free
by skipping the PMU disable in i915_pmu_event_stop() when
the PMU has already been closed/unregistered by the driver.

Fixes: b00bccb3f0bb ("drm/i915/pmu: Handle PCI unbind")
Suggested-by: Tvrtko Ursulin <tvrtko.ursulin at linux.intel.com>
Signed-off-by: Stuart Summers <stuart.summers at intel.com>
---
 drivers/gpu/drm/i915/i915_pmu.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_pmu.c b/drivers/gpu/drm/i915/i915_pmu.c
index 958b37123bf12..0d02f338118e4 100644
--- a/drivers/gpu/drm/i915/i915_pmu.c
+++ b/drivers/gpu/drm/i915/i915_pmu.c
@@ -760,9 +760,17 @@ static void i915_pmu_event_start(struct perf_event *event, int flags)
 
 static void i915_pmu_event_stop(struct perf_event *event, int flags)
 {
+	struct drm_i915_private *i915 =
+		container_of(event->pmu, typeof(*i915), pmu.base);
+	struct i915_pmu *pmu = &i915->pmu;
+
+	if (pmu->closed)
+		goto out;
+
 	if (flags & PERF_EF_UPDATE)
 		i915_pmu_event_read(event);
 	i915_pmu_disable(event);
+out:
 	event->hw.state = PERF_HES_STOPPED;
 }
 
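Review bot: The `if (pmu->closed)` test at the top of i915_pmu_event_stop() is a plain read with no lock or barrier visible in this hunk, so a stop that passes the check just before the driver marks the PMU closed can still reach i915_pmu_disable(event). The flag also lives in i915->pmu, reached through container_of(event->pmu, ...), so the check is only safe if drm_i915_private is still valid here. It would help if the commit message named the structure that is no longer available and said what orders the write of closed against this read. The early `goto out` also skips i915_pmu_event_read() when PERF_EF_UPDATE is set; a short comment saying the final count is deliberately not updated would help. Minor style point: i915 is only used to take &i915->pmu, so container_of(event->pmu, struct i915_pmu, base) would avoid the extra local.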
-- 
2.25.1


