Merge "msm: kgsl: Fix kgsl memory allocation and free race condition" into msm-4.9
diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
index fa4ca39..2283096 100644
--- a/drivers/gpu/msm/kgsl.c
+++ b/drivers/gpu/msm/kgsl.c
@@ -261,8 +261,11 @@
{
struct kgsl_mem_entry *entry = kzalloc(sizeof(*entry), GFP_KERNEL);
- if (entry != NULL)
+ if (entry != NULL) {
kref_init(&entry->refcount);
+ /* put this ref in userspace memory alloc and map ioctls */
+ kref_get(&entry->refcount);
+ }
return entry;
}
@@ -2412,6 +2415,10 @@
trace_kgsl_mem_map(entry, fd);
kgsl_mem_entry_commit_process(entry);
+
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
unmap:
@@ -2718,6 +2725,10 @@
trace_kgsl_mem_map(entry, param->fd);
kgsl_mem_entry_commit_process(entry);
+
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return result;
error_attach:
@@ -3155,6 +3166,9 @@
param->mmapsize = kgsl_memdesc_footprint(&entry->memdesc);
param->id = entry->id;
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
}
@@ -3178,6 +3192,9 @@
param->size = (size_t) entry->memdesc.size;
param->flags = (unsigned int) entry->memdesc.flags;
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
}
@@ -3201,6 +3218,9 @@
param->mmapsize = (size_t) kgsl_memdesc_footprint(&entry->memdesc);
param->gpuaddr = (unsigned long) entry->memdesc.gpuaddr;
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
}
@@ -3318,6 +3338,9 @@
trace_sparse_phys_alloc(entry->id, param->size, param->pagesize);
kgsl_mem_entry_commit_process(entry);
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
err_invalid_pages:
@@ -3397,6 +3420,9 @@
trace_sparse_virt_alloc(entry->id, param->size, param->pagesize);
kgsl_mem_entry_commit_process(entry);
+ /* Put the extra ref from kgsl_mem_entry_create() */
+ kgsl_mem_entry_put(entry);
+
return 0;
}