2017-11-07 17:32:46 -05:00
|
|
|
From 20c8f1c393ec2726ac46642ae8883643f2427c4f Mon Sep 17 00:00:00 2001
|
2017-10-29 01:48:53 -04:00
|
|
|
From: Sunil Khatri <sunilkh@codeaurora.org>
|
2017-11-07 17:32:46 -05:00
|
|
|
Date: Thu, 6 Apr 2017 16:56:47 +0530
|
2017-10-29 01:48:53 -04:00
|
|
|
Subject: msm: kgsl: Fix kgsl memory allocation and free race condition
|
|
|
|
|
|
|
|
When allocating userspace memory keep reference to memory
|
|
|
|
allocation till it is completely initialized and info is sent back
|
|
|
|
to userspace.
|
|
|
|
|
|
|
|
Change-Id: Id72c82bf98c094ecbd4722813c732a998dcbb188
|
|
|
|
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
|
|
|
|
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
|
|
|
|
---
|
2017-11-07 17:32:46 -05:00
|
|
|
drivers/gpu/msm/kgsl.c | 17 ++++++++++++++++-
|
|
|
|
1 file changed, 16 insertions(+), 1 deletion(-)
|
2017-10-29 01:48:53 -04:00
|
|
|
|
|
|
|
diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
|
2017-11-07 17:32:46 -05:00
|
|
|
index 0ba75e0..8f6ff24 100644
|
2017-10-29 01:48:53 -04:00
|
|
|
--- a/drivers/gpu/msm/kgsl.c
|
|
|
|
+++ b/drivers/gpu/msm/kgsl.c
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -250,8 +250,11 @@ kgsl_mem_entry_create(void)
|
2017-10-29 01:48:53 -04:00
|
|
|
{
|
|
|
|
struct kgsl_mem_entry *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
|
|
|
|
|
|
|
|
- if (entry != NULL)
|
|
|
|
+ if (entry != NULL) {
|
|
|
|
kref_init(&entry->refcount);
|
|
|
|
+ /* put this ref in the caller functions after init */
|
|
|
|
+ kref_get(&entry->refcount);
|
|
|
|
+ }
|
2017-11-07 17:32:46 -05:00
|
|
|
|
2017-10-29 01:48:53 -04:00
|
|
|
return entry;
|
|
|
|
}
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -2300,6 +2303,9 @@ long kgsl_ioctl_gpuobj_import(struct kgsl_device_private *dev_priv,
|
2017-10-29 01:48:53 -04:00
|
|
|
trace_kgsl_mem_map(entry, fd);
|
|
|
|
|
|
|
|
kgsl_mem_entry_commit_process(entry);
|
|
|
|
+
|
|
|
|
+ /* put the extra refcount for kgsl_mem_entry_create() */
|
|
|
|
+ kgsl_mem_entry_put(entry);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
unmap:
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -2606,6 +2612,9 @@ long kgsl_ioctl_map_user_mem(struct kgsl_device_private *dev_priv,
|
2017-10-29 01:48:53 -04:00
|
|
|
trace_kgsl_mem_map(entry, param->fd);
|
|
|
|
|
|
|
|
kgsl_mem_entry_commit_process(entry);
|
|
|
|
+
|
|
|
|
+ /* put the extra refcount for kgsl_mem_entry_create() */
|
|
|
|
+ kgsl_mem_entry_put(entry);
|
|
|
|
return result;
|
|
|
|
|
|
|
|
error_attach:
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -3044,6 +3053,8 @@ long kgsl_ioctl_gpuobj_alloc(struct kgsl_device_private *dev_priv,
|
2017-10-29 01:48:53 -04:00
|
|
|
param->mmapsize = kgsl_memdesc_footprint(&entry->memdesc);
|
|
|
|
param->id = entry->id;
|
|
|
|
|
|
|
|
+ /* put the extra refcount for kgsl_mem_entry_create() */
|
|
|
|
+ kgsl_mem_entry_put(entry);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -3067,6 +3078,8 @@ long kgsl_ioctl_gpumem_alloc(struct kgsl_device_private *dev_priv,
|
2017-10-29 01:48:53 -04:00
|
|
|
param->size = (size_t) entry->memdesc.size;
|
|
|
|
param->flags = (unsigned int) entry->memdesc.flags;
|
|
|
|
|
|
|
|
+ /* put the extra refcount for kgsl_mem_entry_create() */
|
|
|
|
+ kgsl_mem_entry_put(entry);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-11-07 17:32:46 -05:00
|
|
|
@@ -3090,6 +3103,8 @@ long kgsl_ioctl_gpumem_alloc_id(struct kgsl_device_private *dev_priv,
|
2017-10-29 01:48:53 -04:00
|
|
|
param->mmapsize = (size_t) kgsl_memdesc_footprint(&entry->memdesc);
|
|
|
|
param->gpuaddr = (unsigned long) entry->memdesc.gpuaddr;
|
|
|
|
|
|
|
|
+ /* put the extra refcount for kgsl_mem_entry_create() */
|
|
|
|
+ kgsl_mem_entry_put(entry);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
--
|
|
|
|
cgit v1.1
|
|
|
|
|