From c8f327ce9cb504a6c2185487d576be3d5254556a Mon Sep 17 00:00:00 2001
From: David Rosca <nowrep@gmail.com>
Date: Sun, 25 Feb 2024 16:53:29 +0100
Subject: [PATCH] amdgpu: Make amdgpu_device_deinitialize thread-safe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Device will be removed from dev_list when refcount reaches 0, so the
dev_mutex must be locked before decreasing reference otherwise there's
a race where this device is still in dev_list with refcount 0 which will
assert or crash in amdgpu_device_initialize trying to use this device
instead of creating new one.

Fixes issue reported in https://gitlab.freedesktop.org/drm/amd/-/issues/2156#note_2268110

Reviewed-by: Marek Olšák <marek.olsak@amd.com>
---
 amdgpu/amdgpu_device.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/amdgpu/amdgpu_device.c b/amdgpu/amdgpu_device.c
index aeb5e3c5..7d9c5dd9 100644
--- a/amdgpu/amdgpu_device.c
+++ b/amdgpu/amdgpu_device.c
@@ -97,11 +97,9 @@ static void amdgpu_device_free_internal(amdgpu_device_handle dev)
 {
 	amdgpu_device_handle *node = &dev_list;
 
-	pthread_mutex_lock(&dev_mutex);
 	while (*node != dev && (*node)->next)
 		node = &(*node)->next;
 	*node = (*node)->next;
-	pthread_mutex_unlock(&dev_mutex);
 
 	close(dev->fd);
 	if ((dev->flink_fd >= 0) && (dev->fd != dev->flink_fd))
@@ -281,7 +279,9 @@ cleanup:
 
 drm_public int amdgpu_device_deinitialize(amdgpu_device_handle dev)
 {
+	pthread_mutex_lock(&dev_mutex);
 	amdgpu_device_reference(&dev, NULL);
+	pthread_mutex_unlock(&dev_mutex);
 	return 0;
 }