From 14139f66e4f4a678e30ed06764603cd050e06ffd Mon Sep 17 00:00:00 2001 From: Bulbul Dabi Date: Tue, 31 May 2016 11:24:22 -0600 Subject: [PATCH] msm: kgsl: Reserve a context ID slot but don't populate immediately When creating a context allocate an ID but don't populate the slot with the context pointer until we are done setup up the rest of the process. This avoids a race if somebody tries to free the same identifier before the create operation is complete. Bug: 31824853 Change-Id: Ic0dedbadca5b4cc4ce567afad48a33078b549439 Signed-off-by: Jordan Crouse --- drivers/gpu/msm/kgsl.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c index f8ab3d042a728..4383e77776163 100644 --- a/drivers/gpu/msm/kgsl.c +++ b/drivers/gpu/msm/kgsl.c @@ -516,21 +516,18 @@ void kgsl_context_dump(struct kgsl_context *context) EXPORT_SYMBOL(kgsl_context_dump); /* Allocate a new context ID */ -int _kgsl_get_context_id(struct kgsl_device *device, - struct kgsl_context *context) +int _kgsl_get_context_id(struct kgsl_device *device) { int id; idr_preload(GFP_KERNEL); write_lock(&device->context_lock); - id = idr_alloc(&device->context_idr, context, 1, + /* Allocate the slot but don't put a pointer in it yet */ + id = idr_alloc(&device->context_idr, NULL, 1, KGSL_MEMSTORE_MAX, GFP_NOWAIT); write_unlock(&device->context_lock); idr_preload_end(); - if (id > 0) - context->id = id; - return id; } @@ -554,7 +551,7 @@ int kgsl_context_init(struct kgsl_device_private *dev_priv, char name[64]; int ret = 0, id; - id = _kgsl_get_context_id(device, context); + id = _kgsl_get_context_id(device); if (id == -ENOSPC) { /* * Before declaring that there are no contexts left try @@ -565,7 +562,7 @@ int kgsl_context_init(struct kgsl_device_private *dev_priv, mutex_unlock(&device->mutex); flush_workqueue(device->events_wq); mutex_lock(&device->mutex); - id = _kgsl_get_context_id(device, context); + id = _kgsl_get_context_id(device); } if (id < 0) { @@ -577,6 +574,8 @@ int kgsl_context_init(struct kgsl_device_private *dev_priv, return id; } + context->id = id; + kref_init(&context->refcount); /* * Get a refernce to the process private so its not destroyed, until @@ -2580,6 +2579,12 @@ long kgsl_ioctl_drawctxt_create(struct kgsl_device_private *dev_priv, goto done; } trace_kgsl_context_create(dev_priv->device, context, param->flags); + + /* Commit the pointer to the context in context_idr */ + write_lock(&device->context_lock); + idr_replace(&device->context_idr, context, context->id); + write_unlock(&device->context_lock); + param->drawctxt_id = context->id; done: mutex_unlock(&device->mutex);