| Message ID | 1652125797-2043-1-git-send-email-quic_charante@quicinc.com |
|---|---|
| State | Accepted |
| Commit | ef3a6b70507a2add2cd2e01f5eb9b54d561bacb9 |
| Headers | show |
| Series | dma-buf: call dma_buf_stats_setup after dmabuf is in valid list | expand |
On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla <quic_charante@quicinc.com> wrote: > > From: Charan Teja Reddy <quic_charante@quicinc.com> > > When dma_buf_stats_setup() fails, it closes the dmabuf file which > results into the calling of dma_buf_file_release() where it does > list_del(&dmabuf->list_node) with out first adding it to the proper > list. This is resulting into panic in the below path: > __list_del_entry_valid+0x38/0xac > dma_buf_file_release+0x74/0x158 > __fput+0xf4/0x428 > ____fput+0x14/0x24 > task_work_run+0x178/0x24c > do_notify_resume+0x194/0x264 > work_pending+0xc/0x5f0 > > Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the > list. > > Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") > Signed-off-by: Charan Teja Reddy <quic_charante@quicinc.com> Tested-by: T.J. Mercier <tjmercier@google.com> Acked-by: T.J. Mercier <tjmercier@google.com> > --- > drivers/dma-buf/dma-buf.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > index 602b12d..a6fc96e 100644 > --- a/drivers/dma-buf/dma-buf.c > +++ b/drivers/dma-buf/dma-buf.c > @@ -543,10 +543,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) > file->f_mode |= FMODE_LSEEK; > dmabuf->file = file; > > - ret = dma_buf_stats_setup(dmabuf); > - if (ret) > - goto err_sysfs; > - > mutex_init(&dmabuf->lock); > INIT_LIST_HEAD(&dmabuf->attachments); > > @@ -554,6 +550,10 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) > list_add(&dmabuf->list_node, &db_list.head); > mutex_unlock(&db_list.lock); > > + ret = dma_buf_stats_setup(dmabuf); > + if (ret) > + goto err_sysfs; > + > return dmabuf; > > err_sysfs: > -- > 2.7.4 >
Hello Mercier, On 5/10/2022 3:19 AM, T.J. Mercier wrote: > On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla > <quic_charante@quicinc.com> wrote: >> From: Charan Teja Reddy <quic_charante@quicinc.com> >> >> When dma_buf_stats_setup() fails, it closes the dmabuf file which >> results into the calling of dma_buf_file_release() where it does >> list_del(&dmabuf->list_node) with out first adding it to the proper >> list. This is resulting into panic in the below path: >> __list_del_entry_valid+0x38/0xac >> dma_buf_file_release+0x74/0x158 >> __fput+0xf4/0x428 >> ____fput+0x14/0x24 >> task_work_run+0x178/0x24c >> do_notify_resume+0x194/0x264 >> work_pending+0xc/0x5f0 >> >> Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the >> list. >> >> Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") >> Signed-off-by: Charan Teja Reddy <quic_charante@quicinc.com> > Tested-by: T.J. Mercier <tjmercier@google.com> > Acked-by: T.J. Mercier <tjmercier@google.com> > Thanks for the Ack. Also Realized that it should have: Cc: <stable@vger.kernel.org> # 5.15.x+
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 602b12d..a6fc96e 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -543,10 +543,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) file->f_mode |= FMODE_LSEEK; dmabuf->file = file; - ret = dma_buf_stats_setup(dmabuf); - if (ret) - goto err_sysfs; - mutex_init(&dmabuf->lock); INIT_LIST_HEAD(&dmabuf->attachments); @@ -554,6 +550,10 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) list_add(&dmabuf->list_node, &db_list.head); mutex_unlock(&db_list.lock); + ret = dma_buf_stats_setup(dmabuf); + if (ret) + goto err_sysfs; + return dmabuf; err_sysfs: