msm: kgsl: Fix kgsl memory allocation and free race condition (24d3fe1d) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/gpu/msm/kgsl.c

+27 −1

Original line number	Diff line number	Diff line
		@@ -261,8 +261,11 @@ kgsl_mem_entry_create(void)
		{
		struct kgsl_mem_entry entry = kzalloc(sizeof(entry), GFP_KERNEL);

		if (entry != NULL)
		if (entry != NULL) {
		kref_init(&entry->refcount);
		/* put this ref in userspace memory alloc and map ioctls */
		kref_get(&entry->refcount);
		}

		return entry;
		}
		@@ -2412,6 +2415,10 @@ long kgsl_ioctl_gpuobj_import(struct kgsl_device_private *dev_priv,
		trace_kgsl_mem_map(entry, fd);

		kgsl_mem_entry_commit_process(entry);

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;

		unmap:
		@@ -2718,6 +2725,10 @@ long kgsl_ioctl_map_user_mem(struct kgsl_device_private *dev_priv,
		trace_kgsl_mem_map(entry, param->fd);

		kgsl_mem_entry_commit_process(entry);

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return result;

		error_attach:
		@@ -3155,6 +3166,9 @@ long kgsl_ioctl_gpuobj_alloc(struct kgsl_device_private *dev_priv,
		param->mmapsize = kgsl_memdesc_footprint(&entry->memdesc);
		param->id = entry->id;

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;
		}

		@@ -3178,6 +3192,9 @@ long kgsl_ioctl_gpumem_alloc(struct kgsl_device_private *dev_priv,
		param->size = (size_t) entry->memdesc.size;
		param->flags = (unsigned int) entry->memdesc.flags;

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;
		}

		@@ -3201,6 +3218,9 @@ long kgsl_ioctl_gpumem_alloc_id(struct kgsl_device_private *dev_priv,
		param->mmapsize = (size_t) kgsl_memdesc_footprint(&entry->memdesc);
		param->gpuaddr = (unsigned long) entry->memdesc.gpuaddr;

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;
		}

		@@ -3318,6 +3338,9 @@ long kgsl_ioctl_sparse_phys_alloc(struct kgsl_device_private *dev_priv,
		trace_sparse_phys_alloc(entry->id, param->size, param->pagesize);
		kgsl_mem_entry_commit_process(entry);

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;

		err_invalid_pages:
		@@ -3397,6 +3420,9 @@ long kgsl_ioctl_sparse_virt_alloc(struct kgsl_device_private *dev_priv,
		trace_sparse_virt_alloc(entry->id, param->size, param->pagesize);
		kgsl_mem_entry_commit_process(entry);

		/* Put the extra ref from kgsl_mem_entry_create() */
		kgsl_mem_entry_put(entry);

		return 0;
		}