msm: kgsl: prevent kgsl_get_pagetable from returning a destroyed pt (5e8f99df) · Commits · e / devices / android_kernel_sony_msm8994

drivers/gpu/msm/kgsl_mmu.c

+29 −16

Original line number	Diff line number	Diff line
		@@ -124,11 +124,13 @@ kgsl_get_pagetable(unsigned long name)

		spin_lock_irqsave(&kgsl_driver.ptlock, flags);
		list_for_each_entry(pt, &kgsl_driver.pagetable_list, list) {
		if (kref_get_unless_zero(&pt->refcount)) {
		if (pt->name == name) {
		ret = pt;
		kref_get(&ret->refcount);
		break;
		}
		kref_put(&pt->refcount, kgsl_destroy_pagetable);
		}
		}

		spin_unlock_irqrestore(&kgsl_driver.ptlock, flags);
		@@ -324,10 +326,14 @@ kgsl_mmu_get_ptname_from_ptbase(struct kgsl_mmu *mmu, phys_addr_t pt_base)
		return KGSL_MMU_GLOBAL_PT;
		spin_lock(&kgsl_driver.ptlock);
		list_for_each_entry(pt, &kgsl_driver.pagetable_list, list) {
		if (kref_get_unless_zero(&pt->refcount)) {
		if (mmu->mmu_ops->mmu_pt_equal(mmu, pt, pt_base)) {
		ptid = (int) pt->name;
		kref_put(&pt->refcount, kgsl_destroy_pagetable);
		break;
		}
		kref_put(&pt->refcount, kgsl_destroy_pagetable);
		}
		}
		spin_unlock(&kgsl_driver.ptlock);

		@@ -346,16 +352,23 @@ kgsl_mmu_log_fault_addr(struct kgsl_mmu *mmu, phys_addr_t pt_base,
		return 0;
		spin_lock(&kgsl_driver.ptlock);
		list_for_each_entry(pt, &kgsl_driver.pagetable_list, list) {
		if (kref_get_unless_zero(&pt->refcount)) {
		if (mmu->mmu_ops->mmu_pt_equal(mmu, pt, pt_base)) {
		if ((addr & ~(PAGE_SIZE-1)) == pt->fault_addr) {
		ret = 1;
		kref_put(&pt->refcount,
		kgsl_destroy_pagetable);
		break;
		} else {
		pt->fault_addr = (addr & ~(PAGE_SIZE-1));
		pt->fault_addr =
		(addr & ~(PAGE_SIZE-1));
		ret = 0;
		kref_put(&pt->refcount,
		kgsl_destroy_pagetable);
		break;
		}

		}
		kref_put(&pt->refcount, kgsl_destroy_pagetable);
		}
		}
		spin_unlock(&kgsl_driver.ptlock);