Merge "dma-buf: fix race while reading the dma_buf in dmabuffs_dname"

#include <linux/list_sort.h>

#include <linux/hashtable.h>

#include <linux/mount.h>

#include <linux/dcache.h>

#include <uapi/linux/dma-buf.h>

#include <uapi/linux/magic.h>

static struct dma_buf_list db_list;

static void dmabuf_dent_put(struct dma_buf *dmabuf)

{

	if (atomic_dec_and_test(&dmabuf->dent_count)) {

		kfree(dmabuf->name);

		kfree(dmabuf);

	}

}

static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen)

{

	struct dma_buf *dmabuf;

	char name[DMA_BUF_NAME_LEN];

	size_t ret = 0;

	spin_lock(&dentry->d_lock);

	dmabuf = dentry->d_fsdata;

	if (!dmabuf || !atomic_add_unless(&dmabuf->dent_count, 1, 0)) {

		spin_unlock(&dentry->d_lock);

		goto out;

	}

	spin_unlock(&dentry->d_lock);

	mutex_lock(&dmabuf->lock);

	if (dmabuf->name)

		ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN);

	mutex_unlock(&dmabuf->lock);

	dmabuf_dent_put(dmabuf);

out:

	return dynamic_dname(dentry, buffer, buflen, "/%s:%s",

			     dentry->d_name.name, ret > 0 ? name : "");

}

static int dma_buf_release(struct inode *inode, struct file *file)

{

	struct dma_buf *dmabuf;

	struct dentry *dentry = file->f_path.dentry;

	int dtor_ret = 0;

	if (!is_dma_buf_file(file))

	dmabuf = file->private_data;

	spin_lock(&dentry->d_lock);

	dentry->d_fsdata = NULL;

	spin_unlock(&dentry->d_lock);

	BUG_ON(dmabuf->vmapping_counter);

	/*

		reservation_object_fini(dmabuf->resv);

	module_put(dmabuf->owner);

	kfree(dmabuf->buf_name);

	kfree(dmabuf);

	dmabuf_dent_put(dmabuf);

	return 0;

}

	dmabuf->cb_excl.active = dmabuf->cb_shared.active = 0;

	dmabuf->buf_name = bufname;

	dmabuf->ktime = ktime_get();

	atomic_set(&dmabuf->dent_count, 1);

	if (!resv) {

		resv = (struct reservation_object *)&dmabuf[1];

	struct list_head refs;

	dma_buf_destructor dtor;

	void *dtor_data;

	atomic_t dent_count;

};

/**