[PATCH 21/22] dma-buf/reservation: shouldn't kfree staged when slot available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



issue:
kernel oops or vmc page fault occured during vk_example/vk_cts
test.

root cause:
previously reservation object would kfree the staged when slot
checked available during reserve_shared(), which is incorrect
becasue this way reservation_object->fence will be a wild pointer
referenced by following reservation_object_add_shared_fence,
and lead to lot of abnormal cases depends on luck.

fix:
don't call kfree on staged in reserve_shared
and there won't be memleak introduced because reservation's
finish routine would kfree both staged and fence

Change-Id: If7c01f1b4be3d3d8a81efa90216841f79ab1fc1c
Signed-off-by: Monk Liu <Monk.Liu at amd.com>
---
 drivers/dma-buf/reservation.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c
index 314eb10..bc01e0d 100644
--- a/drivers/dma-buf/reservation.c
+++ b/drivers/dma-buf/reservation.c
@@ -74,12 +74,9 @@ int reservation_object_reserve_shared(struct reservation_object *obj)
 	old = reservation_object_get_list(obj);
 
 	if (old && old->shared_max) {
-		if (old->shared_count < old->shared_max) {
-			/* perform an in-place update */
-			kfree(obj->staged);
-			obj->staged = NULL;
+		if (old->shared_count < old->shared_max)
 			return 0;
-		} else
+		else
 			max = old->shared_max * 2;
 	} else
 		max = 4;
-- 
2.7.4



[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux