drm/omap: tiler: fix race condition with engine->async

The tiler irq handler uses engine->async value, but the code that sets
engine->async and enables the interrupt does not have a barrier. This
may cause the irq handler to see the old value of engine->async, causing
memory corruption.

Reported-by: Harinarayan Bhatta <harinarayan@ti.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
index f06243b3d3c002805a33f5eb060702c6eb215815..a1a824db1dd683a9ac03f3c61d96a4980f2840a1 100644 (file)
--- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
+++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
@@ -273,6 +273,8 @@ static int dmm_txn_commit(struct dmm_txn *txn, bool wait)
 
        /* mark whether it is async to denote list management in IRQ handler */
        engine->async = wait ? false : true;
+       /* verify that the irq handler sees the 'async' value */
+       smp_mb();
 
        /* kick reload */
        writel(engine->refill_pa,