<div dir="ltr">+dri-devel ML</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 February 2013 07:20, <span dir="ltr"><<a href="mailto:sheu@google.com" target="_blank">sheu@google.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">From: John Sheu <<a href="mailto:sheu@google.com">sheu@google.com</a>><br>
<br>
Callers to dma_buf_mmap expect to fput() the vma struct's vm_file<br>
themselves on failure. Not restoring the struct's data on failure<br>
causes a double-decrement of the vm_file's refcount.<br>
<br>
Signed-off-by: John Sheu <<a href="mailto:sheu@google.com">sheu@google.com</a>><br>
<br>
---<br>
drivers/base/dma-buf.c | 21 +++++++++++++++------<br>
1 files changed, 15 insertions(+), 6 deletions(-)<br>
<br>
diff --git a/drivers/base/dma-buf.c b/drivers/base/dma-buf.c<br>
index 09e6878..06c6225 100644<br>
--- a/drivers/base/dma-buf.c<br>
+++ b/drivers/base/dma-buf.c<br>
@@ -536,6 +536,9 @@ EXPORT_SYMBOL_GPL(dma_buf_kunmap);<br>
int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma,<br>
unsigned long pgoff)<br>
{<br>
+ struct file *oldfile;<br>
+ int ret;<br>
+<br>
if (WARN_ON(!dmabuf || !vma))<br>
return -EINVAL;<br>
<br>
@@ -549,15 +552,21 @@ int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma,<br>
return -EINVAL;<br>
<br>
/* readjust the vma */<br>
- if (vma->vm_file)<br>
- fput(vma->vm_file);<br>
-<br>
+ get_file(dmabuf->file);<br>
+ oldfile = vma->vm_file;<br>
vma->vm_file = dmabuf->file;<br>
- get_file(vma->vm_file);<br>
-<br>
vma->vm_pgoff = pgoff;<br>
<br>
- return dmabuf->ops->mmap(dmabuf, vma);<br>
+ ret = dmabuf->ops->mmap(dmabuf, vma);<br>
+ if (ret) {<br>
+ /* restore old parameters on failure */<br>
+ vma->vm_file = oldfile;<br>
+ fput(dmabuf->file);<br>
+ } else {<br>
+ if (oldfile)<br>
+ fput(oldfile);<br>
+ }<br>
+ return ret;<br>
}<br>
EXPORT_SYMBOL_GPL(dma_buf_mmap);<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
1.7.8.6<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px">
<span lang="EN-US" style="font-size:10pt"><font color="#000066">Thanks and regards,</font></span></p><p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span lang="EN-US" style="font-size:10pt"><font color="#000066">Sumit Semwal</font></span></p>
<p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span lang="EN-US" style="font-size:10pt"><font color="#000066">Linaro Kernel Engineer - Graphics working group</font></span></p><p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px">
<span lang="EN-US" style="font-size:10pt;color:rgb(0,176,80)"><span style="color:rgb(0,68,252)"><a href="http://www.linaro.org/" style="color:rgb(0,0,204)" target="_blank">Linaro.org</a></span><b> </b></span><b><span lang="EN-US" style="font-size:10pt">│ </span></b><span lang="EN-US" style="font-size:10pt">Open source software for ARM SoCs</span><u></u><u></u></p>
<p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px"><span lang="EN-US" style="font-size:10pt">Follow <b>Linaro: </b></span><span style="font-size:10pt;color:rgb(0,68,252)"><a href="http://www.facebook.com/pages/Linaro" style="color:rgb(0,0,204)" target="_blank"><span style="color:blue">Facebook</span></a></span><span style="font-size:10pt"> | <span style="color:rgb(0,68,252)"><a href="http://twitter.com/#!/linaroorg" style="color:rgb(0,0,204)" target="_blank"><span style="color:blue">Twitter</span></a></span> | <span style="color:rgb(0,68,252)"><a href="http://www.linaro.org/linaro-blog/" style="color:rgb(0,0,204)" target="_blank"><span style="color:blue">Blog</span></a></span></span></p>
</span>
</div>