[Intel-gfx] [PATCH 2/2] drm/i915: Only disable PMU on stop if not already closed
Tvrtko Ursulin
tvrtko.ursulin at linux.intel.com
Thu Aug 4 08:46:33 UTC 2022
On 04/08/2022 00:03, Stuart Summers wrote:
> There can be a race in the PMU process teardown vs the
> time when the driver is unbound in which the user attempts
> to stop the PMU process, but the actual data structure
> in the kernel is no longer available. Avoid this use-after-free
> by skipping the PMU disable in i915_pmu_event_stop() when
> the PMU has already been closed/unregistered by the driver.
>
> Fixes: b00bccb3f0bb ("drm/i915/pmu: Handle PCI unbind")
> Suggested-by: Tvrtko Ursulin <tvrtko.ursulin at linux.intel.com>
> Signed-off-by: Stuart Summers <stuart.summers at intel.com>
> ---
> drivers/gpu/drm/i915/i915_pmu.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/i915_pmu.c b/drivers/gpu/drm/i915/i915_pmu.c
> index 958b37123bf12..0d02f338118e4 100644
> --- a/drivers/gpu/drm/i915/i915_pmu.c
> +++ b/drivers/gpu/drm/i915/i915_pmu.c
> @@ -760,9 +760,17 @@ static void i915_pmu_event_start(struct perf_event *event, int flags)
>
> static void i915_pmu_event_stop(struct perf_event *event, int flags)
> {
> + struct drm_i915_private *i915 =
> + container_of(event->pmu, typeof(*i915), pmu.base);
> + struct i915_pmu *pmu = &i915->pmu;
> +
> + if (pmu->closed)
> + goto out;
> +
> if (flags & PERF_EF_UPDATE)
> i915_pmu_event_read(event);
> i915_pmu_disable(event);
> +out:
> event->hw.state = PERF_HES_STOPPED;
> }
>
LGTM, although I am not sure who feels comfortable to r-b since we all
kind of suggested the same fix. :)
FWIW:
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
Regards,
Tvrtko
More information about the Intel-gfx
mailing list