The tiler irq handler uses engine->async value, but the code that sets engine->async and enables the interrupt does not have a barrier. This may cause the irq handler to see the old value of engine->async, causing memory corruption.
Reported-by: Harinarayan Bhatta <[email protected]> Signed-off-by: Tomi Valkeinen <[email protected]> --- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c index ef3d14d9cfa1..c4563af55a82 100644 --- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c +++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c @@ -273,6 +273,8 @@ static int dmm_txn_commit(struct dmm_txn *txn, bool wait) /* mark whether it is async to denote list management in IRQ handler */ engine->async = wait ? false : true; + /* verify that the irq handler sees the 'async' value */ + smp_mb(); /* kick reload */ writel(engine->refill_pa, -- 2.3.0 -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
