From patchwork Tue Feb 12 01:50:24 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sheu@google.com X-Patchwork-Id: 14756 Return-Path: X-Original-To: patchwork@peony.canonical.com Delivered-To: patchwork@peony.canonical.com Received: from fiordland.canonical.com (fiordland.canonical.com [91.189.94.145]) by peony.canonical.com (Postfix) with ESMTP id A0AD123E1A for ; Tue, 12 Feb 2013 04:52:28 +0000 (UTC) Received: from mail-vc0-f175.google.com (mail-vc0-f175.google.com [209.85.220.175]) by fiordland.canonical.com (Postfix) with ESMTP id 2E367A186C4 for ; Tue, 12 Feb 2013 04:52:28 +0000 (UTC) Received: by mail-vc0-f175.google.com with SMTP id fw7so4314506vcb.6 for ; Mon, 11 Feb 2013 20:52:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:x-forwarded-to:x-forwarded-for:delivered-to:x-received :received-spf:dkim-signature:x-received:from:to:date:message-id :x-mailer:mime-version:x-mailman-approved-at:cc:subject:x-beenthere :x-mailman-version:precedence:list-id:list-unsubscribe:list-archive :list-post:list-help:list-subscribe:content-type :content-transfer-encoding:sender:errors-to:x-gm-message-state; bh=Mkj/n5cKTMlb11P5IzXNuMpWdZJus9rsumcot7PVP5U=; b=hT34nGeugP1hgv7b3HfLsg/HDTKgPI7DkkGmx6GHzxmktSJuXNl057sPlo8yUZsv0e B1f2Ophn/OYth3zfEUtPEt2O+NbQvClau3b0/CNZmzS7OyfIvy3R+Fjkuq/HkCLjj3mr /gq3l2DFITZ0V5TscjMBK9z1ZcbIeOoyEAmrkanamV6hv8KnF3yxSuKbfjmM8nClnNNB U0XbX9UtmhoH4GVh9Ft/TQ8e8Vap8V/HnQL/sbt9AJGFyeYknT1ZKQgP5Rj3Z4y8AmtI 7nehRRdg8MuqVz9gafkPOpgELZRSqqq8PT5gIV9dlggedZCRgDufdmmaap/KD4D0SoTI ZZKQ== X-Received: by 10.58.232.226 with SMTP id tr2mr21887379vec.48.1360644747599; Mon, 11 Feb 2013 20:52:27 -0800 (PST) X-Forwarded-To: linaro-patchwork@canonical.com X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com Delivered-To: patches@linaro.org Received: by 10.58.252.8 with SMTP id zo8csp134018vec; Mon, 11 Feb 2013 20:52:26 -0800 (PST) X-Received: by 10.204.8.20 with SMTP id f20mr4838551bkf.12.1360644746059; Mon, 11 Feb 2013 20:52:26 -0800 (PST) Received: from mombin.canonical.com (mombin.canonical.com. [91.189.95.16]) by mx.google.com with ESMTP id ic8si30419639bkc.10.2013.02.11.20.52.22; Mon, 11 Feb 2013 20:52:26 -0800 (PST) Received-SPF: neutral (google.com: 91.189.95.16 is neither permitted nor denied by best guess record for domain of linaro-mm-sig-bounces@lists.linaro.org) client-ip=91.189.95.16; Authentication-Results: mx.google.com; spf=neutral (google.com: 91.189.95.16 is neither permitted nor denied by best guess record for domain of linaro-mm-sig-bounces@lists.linaro.org) smtp.mail=linaro-mm-sig-bounces@lists.linaro.org; dkim=neutral (body hash did not verify) header.i=@google.com Received: from localhost ([127.0.0.1] helo=mombin.canonical.com) by mombin.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1U57qr-0001Sj-7y; Tue, 12 Feb 2013 04:52:17 +0000 Received: from mail-qe0-f73.google.com ([209.85.128.73]) by mombin.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1U5519-00028F-CK for linaro-mm-sig@lists.linaro.org; Tue, 12 Feb 2013 01:50:43 +0000 Received: by mail-qe0-f73.google.com with SMTP id 7so669690qeb.4 for ; Mon, 11 Feb 2013 17:50:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:subject:date:message-id:x-mailer:mime-version :content-type:content-transfer-encoding; bh=9rMTkw4m1uukzdk+OSfJDktFBAAzjax3AWgcBWH0vWU=; b=jetJMhCjreMIud5966oOj+X3pxFh3+OZSg/lXPBKQ9wFoaUej5VQGPpSn0jnM91Kt1 MAiefc3HyTd8ErXIHMOAAZzmNq/4QJvE7pB26qa9PjGThBT3ieV2hHT4iib3ahbz33Ti OJfkdGIuujH73rDDpRABm8vefmebHQ7BpKlWvqRfvKekWivbNBHhfibvaONme6caRpa1 /5p9e2zHxH6coxqfRp73ItMbUn2E6bcDxq7CJ8WxLHUzwM8d5hHVWKqH3neSDfWZoyWL ThYGnJww2hex5+xzDIR2poFDsQh8l5TZupIv2J0tjX1loavcuw469LNlfnCvC30wsiq6 igFA== X-Received: by 10.236.165.134 with SMTP id e6mr7266521yhl.32.1360633842590; Mon, 11 Feb 2013 17:50:42 -0800 (PST) Received: from corp2gmr1-2.hot.corp.google.com (corp2gmr1-2.hot.corp.google.com [172.24.189.93]) by gmr-mx.google.com with ESMTPS id f47si1348841yhg.4.2013.02.11.17.50.42 (version=TLSv1.1 cipher=AES128-SHA bits=128/128); Mon, 11 Feb 2013 17:50:42 -0800 (PST) Received: from shortskirt.mtv.corp.google.com (shortskirt.mtv.corp.google.com [172.22.70.255]) by corp2gmr1-2.hot.corp.google.com (Postfix) with ESMTP id 60D885A409A; Mon, 11 Feb 2013 17:50:42 -0800 (PST) Received: by shortskirt.mtv.corp.google.com (Postfix, from userid 157237) id 36D14C0950; Mon, 11 Feb 2013 17:50:38 -0800 (PST) From: sheu@google.com To: sumit.semwal@linaro.org Date: Mon, 11 Feb 2013 17:50:24 -0800 Message-Id: <1360633824-2563-1-git-send-email-sheu@google.com> X-Mailer: git-send-email 1.8.1 MIME-Version: 1.0 X-Mailman-Approved-At: Tue, 12 Feb 2013 04:52:16 +0000 Cc: linaro-mm-sig@lists.linaro.org, linux-media@vger.kernel.org Subject: [Linaro-mm-sig] [PATCH] CHROMIUM: dma-buf: restore args on failure of dma_buf_mmap X-BeenThere: linaro-mm-sig@lists.linaro.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Unified memory management interest group." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linaro-mm-sig-bounces@lists.linaro.org Errors-To: linaro-mm-sig-bounces@lists.linaro.org X-Gm-Message-State: ALoCoQkIPzCHtMIkcQGqdLoN1t6fd9LeWYNoyDi4fE1lDkNINvCCq8FFxLFp1lVgU5kTQibxNmXJ From: John Sheu Callers to dma_buf_mmap expect to fput() the vma struct's vm_file themselves on failure. Not restoring the struct's data on failure causes a double-decrement of the vm_file's refcount. Signed-off-by: John Sheu Reviewed-by: Daniel Vetter --- drivers/base/dma-buf.c | 21 +++++++++++++++------ 1 files changed, 15 insertions(+), 6 deletions(-) diff --git a/drivers/base/dma-buf.c b/drivers/base/dma-buf.c index 09e6878..06c6225 100644 --- a/drivers/base/dma-buf.c +++ b/drivers/base/dma-buf.c @@ -536,6 +536,9 @@ EXPORT_SYMBOL_GPL(dma_buf_kunmap); int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, unsigned long pgoff) { + struct file *oldfile; + int ret; + if (WARN_ON(!dmabuf || !vma)) return -EINVAL; @@ -549,15 +552,21 @@ int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, return -EINVAL; /* readjust the vma */ - if (vma->vm_file) - fput(vma->vm_file); - + get_file(dmabuf->file); + oldfile = vma->vm_file; vma->vm_file = dmabuf->file; - get_file(vma->vm_file); - vma->vm_pgoff = pgoff; - return dmabuf->ops->mmap(dmabuf, vma); + ret = dmabuf->ops->mmap(dmabuf, vma); + if (ret) { + /* restore old parameters on failure */ + vma->vm_file = oldfile; + fput(dmabuf->file); + } else { + if (oldfile) + fput(oldfile); + } + return ret; } EXPORT_SYMBOL_GPL(dma_buf_mmap);