CVS commit: src/sys/external/bsd/drm2/drm

Mon, 27 Aug 2018 07:21:57 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Mon Aug 27 14:15:13 UTC 2018

Modified Files:
        src/sys/external/bsd/drm2/drm: drm_fops.c

Log Message:
Release the magic before releasing the master.

Releasing the master frees the idr into which we are trying to
release the magic.  Use of magic that has been freed sounds like a
dangerous proposition.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/external/bsd/drm2/drm/drm_fops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/external/bsd/drm2/drm/drm_fops.c
diff -u src/sys/external/bsd/drm2/drm/drm_fops.c:1.10 src/sys/external/bsd/drm2/drm/drm_fops.c:1.11
--- src/sys/external/bsd/drm2/drm/drm_fops.c:1.10	Mon Aug 27 07:53:52 2018
+++ src/sys/external/bsd/drm2/drm/drm_fops.c	Mon Aug 27 14:15:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: drm_fops.c,v 1.10 2018/08/27 07:53:52 riastradh Exp $	*/
+/*	$NetBSD: drm_fops.c,v 1.11 2018/08/27 14:15:12 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: drm_fops.c,v 1.10 2018/08/27 07:53:52 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: drm_fops.c,v 1.11 2018/08/27 14:15:12 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/select.h>
@@ -214,6 +214,12 @@ drm_close_file(struct drm_file *file)
 	struct drm_minor *const minor = file->minor;
 	struct drm_device *const dev = minor->dev;
 
+	mutex_lock(&dev->struct_mutex);
+	list_del(&file->lhead);
+	if (file->magic)
+		idr_remove(&file->master->magic_map, file->magic);
+	mutex_unlock(&dev->struct_mutex);
+
 	if (dev->driver->preclose)
 		(*dev->driver->preclose)(dev, file);
 
@@ -229,12 +235,6 @@ drm_close_file(struct drm_file *file)
 	drm_legacy_ctxbitmap_flush(dev, file);
 	drm_close_file_master(file);
 
-	mutex_lock(&dev->struct_mutex);
-	list_del(&file->lhead);
-	if (file->magic)
-		idr_remove(&file->master->magic_map, file->magic);
-	mutex_unlock(&dev->struct_mutex);
-
 	if (dev->driver->postclose)
 		(*dev->driver->postclose)(dev, file);
 #ifndef __NetBSD__		/* XXX drm prime */

Reply via email to