On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla <quic_charante@xxxxxxxxxxx> wrote: > > From: Charan Teja Reddy <quic_charante@xxxxxxxxxxx> > > When dma_buf_stats_setup() fails, it closes the dmabuf file which > results into the calling of dma_buf_file_release() where it does > list_del(&dmabuf->list_node) with out first adding it to the proper > list. This is resulting into panic in the below path: > __list_del_entry_valid+0x38/0xac > dma_buf_file_release+0x74/0x158 > __fput+0xf4/0x428 > ____fput+0x14/0x24 > task_work_run+0x178/0x24c > do_notify_resume+0x194/0x264 > work_pending+0xc/0x5f0 > > Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the > list. > > Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") > Signed-off-by: Charan Teja Reddy <quic_charante@xxxxxxxxxxx> Tested-by: T.J. Mercier <tjmercier@xxxxxxxxxx> Acked-by: T.J. Mercier <tjmercier@xxxxxxxxxx> > --- > drivers/dma-buf/dma-buf.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > index 602b12d..a6fc96e 100644 > --- a/drivers/dma-buf/dma-buf.c > +++ b/drivers/dma-buf/dma-buf.c > @@ -543,10 +543,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) > file->f_mode |= FMODE_LSEEK; > dmabuf->file = file; > > - ret = dma_buf_stats_setup(dmabuf); > - if (ret) > - goto err_sysfs; > - > mutex_init(&dmabuf->lock); > INIT_LIST_HEAD(&dmabuf->attachments); > > @@ -554,6 +550,10 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) > list_add(&dmabuf->list_node, &db_list.head); > mutex_unlock(&db_list.lock); > > + ret = dma_buf_stats_setup(dmabuf); > + if (ret) > + goto err_sysfs; > + > return dmabuf; > > err_sysfs: > -- > 2.7.4 >
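Review bot: in the second hunk (@@ -554), the moved dma_buf_stats_setup() call now runs after mutex_unlock(&db_list.lock), so the buffer is already reachable through db_list.head while its stats setup is still pending, and on failure it stays reachable until the release path described in the commit message performs the list_del(). Please confirm that every walker of db_list tolerates an entry whose stats setup has not completed or has failed, and say so in the commit message. The ordering requirement is also undocumented at the call site: a short comment above "ret = dma_buf_stats_setup(dmabuf);" stating that it must stay after list_add(), because the err_sysfs path ends in dma_buf_file_release() and its list_del(&dmabuf->list_node), would keep a later cleanup from moving it back. The err_sysfs body is not visible in this diff, so it is worth checking that nothing there assumes the state from before mutex_init() and INIT_LIST_HEAD(&dmabuf->attachments) have run.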