msm: kgsl: Take the pagetable reference count only when needed

There could be a race condition where one thread is iterating
over ptlist inside kgsl_get_pagetable() with the spinlock acquired
and is about to call kref_put(). At the same time another thread,
inside kgsl_put_pagetable() without holding any spinlock, calls kref_put()
and returns without calling kgsl_destroy_pagetable(). The decrement
of the refcount by the second thread leads to a situation where the first
thread enters kgsl_destroy_pagetable_locked() and hence destroys the pt
node from the list. This causes the destroyed pt node's next and prev
pointers to be set to the POISON value, resulting in a kernel panic while
executing the next iteration of ptlist.

Taking pt refcount while iterating over ptlist should be avoided if the
spinlock is already held and the pt is not returned to the caller. In
kgsl_get_pagetable(), since the loop is already holding the mutex, it
is safe to look at pt before taking a reference.

CRs-Fixed: 661374
Change-Id: Ide1f57cc1eb3cbf66fa399b6b72491755b999c7a
Signed-off-by: Prabhat Awasthi <pawasthi@codeaurora.org>
1 file changed
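
The interleaving described in the commit message above, replayed as a deterministic single-threaded userspace model. This is an added example, not code from the kgsl driver or from the patch: struct pt, pt_put(), pt_lookup(), the POISON value and the racer/ref_each parameters are hypothetical names, and the model assumes that a final put has to take the list lock before it unlinks a node.

```c
#include <stddef.h>

#define POISON ((struct pt *)0x100) /* stand-in for the kernel's list poison */

struct pt { int name; int refs; struct pt *next; };

/* Drop one reference; the final put unlinks the node and poisons its link. */
static void pt_put(struct pt **head, struct pt *pt)
{
    if (--pt->refs > 0)
        return;
    for (struct pt **pp = head; *pp; pp = &(*pp)->next)
        if (*pp == pt) { *pp = pt->next; break; }
    pt->next = POISON;
}

/* Walk the list "under the lock" looking for name. racer is a node whose other
 * owner drops its reference while the walk is visiting it (hypothetical hook).
 * Returns 1 if found (reference held), 0 if not found, -1 on reaching POISON. */
static int pt_lookup(struct pt **head, int name, struct pt *racer, int ref_each)
{
    int ret = 0;
    for (struct pt *pt = *head; pt; pt = pt->next) {
        if (pt == POISON)
            return -1;              /* the kernel would panic here */
        if (ref_each) {             /* old pattern: get, compare, put */
            pt->refs++;
            if (pt == racer)
                pt_put(head, pt);   /* 2 -> 1: lockless, not the final put */
            if (pt->name == name)
                return 1;
            pt_put(head, pt);       /* 1 -> 0: final put in the middle of the walk */
        } else if (pt->name == name) {
            pt->refs++;             /* new pattern: get only on a match */
            ret = 1;
            break;
        }
    }
    /* Assumption: a final put needs the list lock, so it waits for the walk. */
    if (!ref_each && racer)
        pt_put(head, racer);
    return ret;
}

int main(void)
{
    struct pt c = {3, 1, NULL}, b = {2, 1, &c}, a = {1, 1, &b}, *head = &a;
    return pt_lookup(&head, 3, &b, 1) == -1 ? 0 : 1; /* old pattern hits POISON */
}
```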