[PATCH 5.0 240/246] drm: Reorder set_property_atomic to avoid returning with an active ww_ctx
From: Greg Kroah-Hartman
Date: Thu Apr 04 2019 - 05:19:05 EST
5.0-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit 227ad6d957898a88b1746e30234ece64d305f066 ]
Delay the drm_modeset_acquire_init() until after we check for an
allocation failure so that we can return immediately upon error without
having to unwind.
WARNING: lock held when returning to user space!
4.20.0+ #174 Not tainted
------------------------------------------------
syz-executor556/8153 is leaving the kernel with locks still held!
1 lock held by syz-executor556/8153:
#0: 000000005100c85c (crtc_ww_class_acquire){+.+.}, at:
set_property_atomic+0xb3/0x330 drivers/gpu/drm/drm_mode_object.c:462
Reported-by: syzbot+6ea337c427f5083ebdf2@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 144a7999d633 ("drm: Handle properties in the core for atomic drivers")
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx>
Cc: Sean Paul <sean@xxxxxxxxxx>
Cc: David Airlie <airlied@xxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # v4.14+
Reviewed-by: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20181230122842.21917-1-chris@xxxxxxxxxxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/gpu/drm/drm_mode_object.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c
index 004191d01772..15b919f90c5a 100644
--- a/drivers/gpu/drm/drm_mode_object.c
+++ b/drivers/gpu/drm/drm_mode_object.c
@@ -465,6 +465,7 @@ static int set_property_atomic(struct drm_mode_object *obj,
drm_modeset_acquire_init(&ctx, 0);
state->acquire_ctx = &ctx;
+
retry:
if (prop == state->dev->mode_config.dpms_property) {
if (obj->type != DRM_MODE_OBJECT_CONNECTOR) {
--
2.19.1