issue: kernel oops or vmc page fault occurred during vk_example/vk_cts test. root cause: previously reservation object would kfree the staged when slot checked available during reserve_shared(), which is incorrect because this way reservation_object->fence will be a wild pointer referenced by following reservation_object_add_shared_fence, and lead to a lot of abnormal cases depending on luck. fix: don't call kfree on staged in reserve_shared and there won't be memleak introduced because reservation's finish routine would kfree both staged and fence Change-Id: If7c01f1b4be3d3d8a81efa90216841f79ab1fc1c Signed-off-by: Monk Liu <Monk.Liu at amd.com> --- drivers/dma-buf/reservation.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c index 314eb10..bc01e0d 100644 --- a/drivers/dma-buf/reservation.c +++ b/drivers/dma-buf/reservation.c @@ -74,12 +74,9 @@ int reservation_object_reserve_shared(struct reservation_object *obj) old = reservation_object_get_list(obj); if (old && old->shared_max) { - if (old->shared_count < old->shared_max) { - /* perform an in-place update */ - kfree(obj->staged); - obj->staged = NULL; + if (old->shared_count < old->shared_max) return 0; - } else + else max = old->shared_max * 2; } else max = 4; -- 2.7.4
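Review bot: The in-place branch now returns 0 while leaving whatever `obj->staged` was previously allocated alive, and the hunk gives no guarantee that this stale buffer is still large enough for the current list. `max` is only ever derived from `old->shared_max` on the reallocation path, so a `staged` buffer sized for an earlier, smaller list can survive into a later call where `old` has since been replaced by a larger list and the in-place check still passes; if the consumer of `obj->staged` prefers a non-NULL staged buffer over the in-place update, it would copy `old->shared_count` entries into a buffer sized for fewer, which is an out-of-bounds write rather than the leak the commit message discusses. Please either clear the pointer without freeing it (so the in-place path and the consumer agree that no staged buffer is pending) or re-check `fobj->shared_max` against the current list before returning 0, and spell out in the commit message the exact call sequence that produced the wild `obj->fence` pointer, since a reader of this hunk alone cannot reconstruct how a `kfree(obj->staged)` reaches `obj->fence`. Minor: the `else` after `return 0;` is unnecessary, and the removed `/* perform an in-place update */` comment was useful and could stay on the surviving `if` line.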