[PATCH 2/2] drm: prime: fix lookup of existing imports for self imported buffers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Since atm we don't take a reference on the dma buf pointer when we add
it to the import lookup table the dma buf can vanish leaving the stale
pointer behind. This can in turn lead to returning stale GEM handles
when userspace imports a newly exported buffer.

Fix this by keeping a reference on the dma buffer whenever we have a
pointer to it in the lookup table.

Reference: https://bugs.freedesktop.org/show_bug.cgi?id=59229

Signed-off-by: Imre Deak <imre.deak at intel.com>
---
 drivers/gpu/drm/drm_prime.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
index bba45f6..e4e1a69 100644
--- a/drivers/gpu/drm/drm_prime.c
+++ b/drivers/gpu/drm/drm_prime.c
@@ -501,6 +501,7 @@ int drm_prime_add_imported_buf_handle(struct drm_prime_file_private *prime_fpriv
 	if (!member)
 		return -ENOMEM;
 
+	get_dma_buf(dma_buf);
 	member->dma_buf = dma_buf;
 	member->handle = handle;
 	list_add(&member->entry, &prime_fpriv->head);
@@ -529,6 +530,7 @@ void drm_prime_remove_imported_buf_handle(struct drm_prime_file_private *prime_f
 	mutex_lock(&prime_fpriv->lock);
 	list_for_each_entry_safe(member, safe, &prime_fpriv->head, entry) {
 		if (member->dma_buf == dma_buf) {
+			dma_buf_put(dma_buf);
 			list_del(&member->entry);
 			kfree(member);
 		}
-- 
1.7.10.4



[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux