From: Tomi Valkeinen Date: Mon, 10 Nov 2014 10:23:01 +0000 (+0200) Subject: drm/omap: tiler: fix race condition with engine->async X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e7e24df4715906ad25041b0a4ca613186d4cf849;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git drm/omap: tiler: fix race condition with engine->async The tiler irq handler uses engine->async value, but the code that sets engine->async and enables the interrupt does not have a barrier. This may cause the irq handler to see the old value of engine->async, causing memory corruption. Reported-by: Harinarayan Bhatta Signed-off-by: Tomi Valkeinen --- diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c index f06243b3d3c0..a1a824db1dd6 100644 --- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c +++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c @@ -273,6 +273,8 @@ static int dmm_txn_commit(struct dmm_txn *txn, bool wait) /* mark whether it is async to denote list management in IRQ handler */ engine->async = wait ? false : true; + /* verify that the irq handler sees the 'async' value */ + smp_mb(); /* kick reload */ writel(engine->refill_pa,