]> www.infradead.org Git - users/hch/misc.git/commitdiff
projects / users / hch / misc.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dcfd151)
drm/xe: defer free of NVM auxiliary container to device release callback
authorNitin Gote <nitin.r.gote@intel.com>
Thu, 11 Sep 2025 05:28:23 +0000 (10:58 +0530)
committerRodrigo Vivi <rodrigo.vivi@intel.com>
Mon, 15 Sep 2025 17:12:19 +0000 (13:12 -0400)
Do not kfree the intel_dg_nvm_dev in xe_nvm_fini() right after
auxiliary_device_delete/uninit. The auxiliary_device embeds the
device/kobject (and its name); freeing it too early can race
with asynchronous device_del/udev processing and cause a use-after-free.

Signed-off-by: Nitin Gote <nitin.r.gote@intel.com>
Fixes: c28bfb107dac ("drm/xe/nvm: add on-die non-volatile memory device")
Reviewed-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://lore.kernel.org/r/20250911052823.226696-1-nitin.r.gote@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
(cherry picked from commit d4c3ed963e41d488695cf91068eabb8eb9f538ec)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
drivers/gpu/drm/xe/xe_nvm.c patch | blob | history

diff --git a/drivers/gpu/drm/xe/xe_nvm.c b/drivers/gpu/drm/xe/xe_nvm.c
index 61b0a1531a539ba40014f8fa1b1e507ae6de29cd..2cfe9eb673913f6a50b16a7b1aacd6b2db267400 100644 (file)
--- a/drivers/gpu/drm/xe/xe_nvm.c
+++ b/drivers/gpu/drm/xe/xe_nvm.c
@@ -35,6 +35,10 @@ static const struct intel_dg_nvm_region regions[INTEL_DG_NVM_REGIONS] = {
 
 static void xe_nvm_release_dev(struct device *dev)
 {
+       struct auxiliary_device *aux = container_of(dev, struct auxiliary_device, dev);
+       struct intel_dg_nvm_dev *nvm = container_of(aux, struct intel_dg_nvm_dev, aux_dev);
+
+       kfree(nvm);
 }
 
 static bool xe_nvm_non_posted_erase(struct xe_device *xe)
@@ -162,6 +166,5 @@ void xe_nvm_fini(struct xe_device *xe)
 
        auxiliary_device_delete(&nvm->aux_dev);
        auxiliary_device_uninit(&nvm->aux_dev);
-       kfree(nvm);
        xe->nvm = NULL;
 }
Unnamed repository; edit this file 'description' to name the repository.