[Nouveau] [PATCH] fifo/nv04: avoid ramht race against cookie insertion

Ilia Mirkin imirkin at alum.mit.edu
Sat Sep 10 02:34:02 UTC 2016


Signed-off-by: Ilia Mirkin <imirkin at alum.mit.edu>
Cc: stable at vger.kernel.org
---

Ian Romanick reported a kernel crash that implicated this path in a null
pointer jump, which means that one of the function pointers had been nulled
out. Not sure if a race there would explain it, but maybe.

There is also questionable ramht usage in channv50 and various disp code. If
you think this is a good idea, those should probably be fixed up as well.

 drm/nouveau/nvkm/engine/fifo/dmanv04.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drm/nouveau/nvkm/engine/fifo/dmanv04.c b/drm/nouveau/nvkm/engine/fifo/dmanv04.c
index edec30f..0a7b6ed 100644
--- a/drm/nouveau/nvkm/engine/fifo/dmanv04.c
+++ b/drm/nouveau/nvkm/engine/fifo/dmanv04.c
@@ -37,7 +37,10 @@ nv04_fifo_dma_object_dtor(struct nvkm_fifo_chan *base, int cookie)
 {
 	struct nv04_fifo_chan *chan = nv04_fifo_chan(base);
 	struct nvkm_instmem *imem = chan->fifo->base.engine.subdev.device->imem;
+
+	mutex_lock(&chan->fifo->base.engine.subdev.mutex);
 	nvkm_ramht_remove(imem->ramht, cookie);
+	mutex_unlock(&chan->fifo->base.engine.subdev.mutex);
 }
 
 static int
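Review bot: The mutex_lock()/mutex_unlock() pair added around nvkm_ramht_remove() in nv04_fifo_dma_object_dtor() only closes the race if the cookie insertion path takes the same chan->fifo->base.engine.subdev.mutex, and neither this hunk nor the commit message (which has no body above the sign-off) shows that it does. Please name in the commit message the insertion path that holds this lock, and consider a one-line comment at the lock stating that it serializes ramht removal against insertion. Because the patch is Cc'd to stable while the notes under the --- say it is not certain a race explains the reported crash, the message should also say that the link to that report is unconfirmed. As a style point, the repeated chan->fifo->base.engine.subdev expression (also used to derive imem) could be held in a local pointer so the lock and unlock calls are easier to read.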
-- 
2.7.3


