1 files changed, 40 insertions, 0 deletions

diff --git a/queue-6.6/drm-i915-check-before-removing-mm-notifier.patch b/queue-6.6/drm-i915-check-before-removing-mm-notifier.patch
new file mode 100644
index 0000000000..3692e5c800
--- /dev/null
+++ b/queue-6.6/drm-i915-check-before-removing-mm-notifier.patch
@@ -0,0 +1,40 @@
+From 01bb1ae35006e473138c90711bad1a6b614a1823 Mon Sep 17 00:00:00 2001
+From: Nirmoy Das <nirmoy.das@intel.com>
+Date: Mon, 19 Feb 2024 13:50:47 +0100
+Subject: drm/i915: Check before removing mm notifier
+
+From: Nirmoy Das <nirmoy.das@intel.com>
+
+commit 01bb1ae35006e473138c90711bad1a6b614a1823 upstream.
+
+Error in mmu_interval_notifier_insert() can leave a NULL
+notifier.mm pointer. Catch that and return early.
+
+Fixes: ed29c2691188 ("drm/i915: Fix userptr so we do not have to worry about obj->mm.lock, v7.")
+Cc: <stable@vger.kernel.org> # v5.13+
+[tursulin: Added Fixes and cc stable.]
+Cc: Andi Shyti <andi.shyti@linux.intel.com>
+Cc: Shawn Lee <shawn.c.lee@intel.com>
+Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
+Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240219125047.28906-1-nirmoy.das@intel.com
+Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
+(cherry picked from commit db7bbd13f08774cde0332c705f042e327fe21e73)
+Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/gem/i915_gem_userptr.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
++++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
+@@ -379,6 +379,9 @@ i915_gem_userptr_release(struct drm_i915
+ {
+ 	GEM_WARN_ON(obj->userptr.page_ref);
+ 
++	if (!obj->userptr.notifier.mm)
++		return;
++
+ 	mmu_interval_notifier_remove(&obj->userptr.notifier);
+ 	obj->userptr.notifier.mm = NULL;
+ }