[Intel-gfx] [PATCH 2/2] drm/i915: Only disable PMU on stop if not already closed
Umesh Nerlige Ramappa
umesh.nerlige.ramappa at intel.com
Thu Aug 4 23:26:47 UTC 2022
On Wed, Aug 03, 2022 at 11:03:25PM +0000, Stuart Summers wrote:
>There can be a race in the PMU process teardown vs the
>time when the driver is unbound in which the user attempts
>to stop the PMU process, but the actual data structure
>in the kernel is no longer available. Avoid this use-after-free
>by skipping the PMU disable in i915_pmu_event_stop() when
>the PMU has already been closed/unregistered by the driver.
>
>Fixes: b00bccb3f0bb ("drm/i915/pmu: Handle PCI unbind")
>Suggested-by: Tvrtko Ursulin <tvrtko.ursulin at linux.intel.com>
>Signed-off-by: Stuart Summers <stuart.summers at intel.com>
>---
> drivers/gpu/drm/i915/i915_pmu.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/drivers/gpu/drm/i915/i915_pmu.c b/drivers/gpu/drm/i915/i915_pmu.c
>index 958b37123bf12..0d02f338118e4 100644
>--- a/drivers/gpu/drm/i915/i915_pmu.c
>+++ b/drivers/gpu/drm/i915/i915_pmu.c
>@@ -760,9 +760,17 @@ static void i915_pmu_event_start(struct perf_event *event, int flags)
>
> static void i915_pmu_event_stop(struct perf_event *event, int flags)
> {
>+ struct drm_i915_private *i915 =
>+ container_of(event->pmu, typeof(*i915), pmu.base);
>+ struct i915_pmu *pmu = &i915->pmu;
>+
>+ if (pmu->closed)
>+ goto out;
>+
> if (flags & PERF_EF_UPDATE)
> i915_pmu_event_read(event);
> i915_pmu_disable(event);
>+out:
> event->hw.state = PERF_HES_STOPPED;
> }
lgtm
Reviewed-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa at intel.com>
Thanks,
Umesh
>
>--
>2.25.1
>
More information about the Intel-gfx
mailing list