If drmPrimeFDToHandle fails in etna_bo_from_dmabuf, the function must not return with the table_lock mutex held. Unlock the mutex in the error path. Based on ceb70a6b1015 ("freedreno: prevent deadlock in error path"). Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> Reviewed-by: Eric Engestrom <eric.engestrom@xxxxxxxxxx> --- v3: fix the commit message to correspond to the code in v2/v3 --- etnaviv/etnaviv_bo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/etnaviv/etnaviv_bo.c b/etnaviv/etnaviv_bo.c index 4fe877f1..78b9cd27 100644 --- a/etnaviv/etnaviv_bo.c +++ b/etnaviv/etnaviv_bo.c @@ -206,10 +206,15 @@ struct etna_bo *etna_bo_from_dmabuf(struct etna_device *dev, int fd) int ret, size; uint32_t handle; + /* take the lock before calling drmPrimeFDToHandle to avoid + * racing against etna_bo_del, which might invalidate the + * returned handle. + */ pthread_mutex_lock(&table_lock); ret = drmPrimeFDToHandle(dev->fd, fd, &handle); if (ret) { + pthread_mutex_unlock(&table_lock); return NULL; } -- 2.11.0 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel