[PATCH 21/22] dma-buf/reservation: shouldn't kfree staged when slot available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Well first of all you need to send that to dri-devel and even lkml, so 
that Chris and others can take a look as well.

Second that patch doesn't looks correct to me, obj->staged should never 
be related to obj->fence.

Regards,
Christian.

Am 26.02.2018 um 06:34 schrieb Monk Liu:
> issue:
> kernel oops or vmc page fault occured during vk_example/vk_cts
> test.
>
> root cause:
> previously reservation object would kfree the staged when slot
> checked available during reserve_shared(), which is incorrect
> becasue this way reservation_object->fence will be a wild pointer
> referenced by following reservation_object_add_shared_fence,
> and lead to lot of abnormal cases depends on luck.
>
> fix:
> don't call kfree on staged in reserve_shared
> and there won't be memleak introduced because reservation's
> finish routine would kfree both staged and fence
>
> Change-Id: If7c01f1b4be3d3d8a81efa90216841f79ab1fc1c
> Signed-off-by: Monk Liu <Monk.Liu at amd.com>
> ---
>   drivers/dma-buf/reservation.c | 7 ++-----
>   1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c
> index 314eb10..bc01e0d 100644
> --- a/drivers/dma-buf/reservation.c
> +++ b/drivers/dma-buf/reservation.c
> @@ -74,12 +74,9 @@ int reservation_object_reserve_shared(struct reservation_object *obj)
>   	old = reservation_object_get_list(obj);
>   
>   	if (old && old->shared_max) {
> -		if (old->shared_count < old->shared_max) {
> -			/* perform an in-place update */
> -			kfree(obj->staged);
> -			obj->staged = NULL;
> +		if (old->shared_count < old->shared_max)
>   			return 0;
> -		} else
> +		else
>   			max = old->shared_max * 2;
>   	} else
>   		max = 4;



[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux