UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/include
History
Daniel Vetter 20228c4478 drm/gem: completely close gem_open vs. gem_close races 
The gem flink name holds a reference onto the object itself, and this
self-reference would prevent an flink'ed object from every being
freed. To break that loop we remove the flink name when the last
userspace handle disappears, i.e. when obj->handle_count reaches 0.

Now in gem_open we drop the dev->object_name_lock between the flink
name lookup and actually adding the handle. This means a concurrent
gem_close of the last handle could result in the flink name getting
reaped right inbetween, i.e.

Thread 1		Thread 2
gem_open		gem_close

flink -> obj lookup
			handle_count drops to 0
			remove flink name
create_handle
handle_count++

If someone now flinks this object again, we'll get a new flink name.

We can close this race by removing the lock dropping and making the
entire lookup+handle_create sequence atomic. Unfortunately to still be
able to share the handle_create logic this requires a
handle_create_tail function which drops the lock - we can't hold the
object_name_lock while calling into a driver's ->gem_open callback.

Note that for flink fixing this race isn't really important, since
racing gem_open against gem_close is clearly a userspace bug. And no
matter how the race ends, we won't leak any references.

But with dma-buf where the userspace dma-buf fd itself is refcounted
this is a valid sequence and hence we should fix it. Therefore this
patch here is just a warm-up exercise (and for consistency between
flink buffer sharing and dma-buf buffer sharing with self-imports).

Also note that this extension of the critical section in gem_open
protected by dev->object_name_lock only works because it's now a
mutex: A spinlock would conflict with the potential memory allocation
in idr_preload().

This is exercises by igt/gem_flink_race/flink_name.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
 		2013-08-21 12:58:17 +10:00
..
acpi Revert "ACPI / video / i915: No ACPI backlight if firmware expects Windows 8" 2013-07-26 14:59:20 +02:00
asm-generic Merge branch 'cpuinit-delete' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2013-07-07 11:01:19 -07:00
clocksource clocksource: arch_timer: use virtual counters 2013-06-07 10:20:28 +01:00
crypto
drm drm/gem: completely close gem_open vs. gem_close races 2013-08-21 12:58:17 +10:00
dt-bindings Pin control fixes for the v3.11 series: 2013-07-28 18:19:27 -07:00
keys
kvm ARM: KVM: Allow host virt timer irq to be different from guest timer virt irq 2013-06-26 10:50:02 -07:00
linux Merge tag 'drm-intel-next-2013-08-09' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-08-21 12:48:59 +10:00
math-emu
media [media] exynos4-is: Correct colorspace handling at FIMC-LITE 2013-06-28 15:33:27 -03:00
memory
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-13 17:42:22 -07:00
pcmcia
ras
rdma Merge branches 'af_ib', 'cxgb4', 'misc', 'mlx5', 'ocrdma', 'qib' and 'srp' into for-next 2013-07-08 11:22:11 -07:00
rxrpc
scsi [SCSI] libiscsi: Added new boot entries in the session sysfs 2013-06-26 18:04:11 -07:00
sound ASoC: More updates for v3.11 2013-06-28 13:36:22 +02:00
target target: make queue_tm_rsp() return void 2013-07-07 18:36:53 -07:00
trace This contains fixes, optimizations and some clean ups 2013-07-22 19:07:24 -07:00
uapi Merge remote-tracking branch 'pfdo/drm-rcar-for-v3.12' into drm-next 2013-08-19 09:24:13 +10:00
video Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2013-07-09 16:04:31 -07:00
xen Merge branch 'for-3.11/drivers' of git://git.kernel.dk/linux-block 2013-07-22 19:02:52 -07:00
Kbuild