[bug report] dma-buf: Move dma_buf_attach() to dynamic locking specification
Dan Carpenter
dan.carpenter at oracle.com
Tue Oct 25 11:41:50 UTC 2022
Hello Dmitry Osipenko,

The patch 809d9c72c2f8: "dma-buf: Move dma_buf_attach() to dynamic
locking specification" from Oct 17, 2022, leads to the following
Smatch static checker warning:

        drivers/dma-buf/dma-buf.c:957 dma_buf_dynamic_attach()
        error: double unlocked 'dmabuf->resv' (orig line 915)

drivers/dma-buf/dma-buf.c
   987  /**
   988   * dma_buf_detach - Remove the given attachment from dmabuf's attachments list
   989   * @dmabuf: [in] buffer to detach from.
   990   * @attach: [in] attachment to be detached; is free'd after this call.
   991   *
   992   * Clean up a device attachment obtained by calling dma_buf_attach().
   993   *
   994   * Optionally this calls &dma_buf_ops.detach for device-specific detach.
   995   */
   996  void dma_buf_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attach)
   997  {
   998          if (WARN_ON(!dmabuf || !attach))
   999                  return;
  1000
  1001          dma_resv_lock(attach->dmabuf->resv, NULL);

The original code used to take both the "attach->dmabuf->resv"
and "dmabuf->resv" locks and unlock them both.  But now it takes one
lock and unlocks the other.  Seems sus.

  1002
  1003          if (attach->sgt) {
  1004
  1005                  __unmap_dma_buf(attach, attach->sgt, attach->dir);
  1006
  1007                  if (dma_buf_is_dynamic(attach->dmabuf))
  1008                          dmabuf->ops->unpin(attach);
  1009          }
  1010          list_del(&attach->node);
  1011
  1012          dma_resv_unlock(dmabuf->resv);
  1013
  1014          if (dmabuf->ops->detach)
  1015                  dmabuf->ops->detach(dmabuf, attach);
  1016
  1017          kfree(attach);
  1018  }

regards,
dan carpenter
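
Added example, not part of the original message or of the kernel source: a userspace C model of the lock/unlock pairing the report flags, showing that the pairing only balances when the caller's dmabuf and attach->dmabuf are the same buffer. All struct and function names are constructed stand-ins, and detach_consistent() is one assumed way to make the pairing consistent, not the upstream fix.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel types; depth 0 = free, 1 = held, <0 = released while free. */
struct resv { int depth; };
struct buf { struct resv *resv; };
struct attachment { struct buf *dmabuf; };

static void resv_lock(struct resv *r)   { r->depth++; }
static void resv_unlock(struct resv *r) { r->depth--; }

/* Shape of the flagged function: lock through attach->dmabuf, unlock through dmabuf. */
static void detach_as_reported(struct buf *dmabuf, struct attachment *attach)
{
    resv_lock(attach->dmabuf->resv);
    /* ... unmap, unpin, list_del would happen here ... */
    resv_unlock(dmabuf->resv);
}

/* Assumed consistent form: reject mismatched arguments, then use one lock pointer. */
static bool detach_consistent(struct buf *dmabuf, struct attachment *attach)
{
    if (!dmabuf || !attach || attach->dmabuf != dmabuf)
        return false;
    struct resv *r = dmabuf->resv;
    resv_lock(r);
    resv_unlock(r);
    return true;
}

/* Runs one variant on two constructed buffers; true if both locks end up free. */
static bool run_case(bool same_buffer, bool use_consistent)
{
    struct resv ra = {0}, rb = {0};
    struct buf a = { &ra }, b = { &rb };
    struct attachment att = { same_buffer ? &a : &b };
    if (use_consistent)
        (void)detach_consistent(&a, &att);
    else
        detach_as_reported(&a, &att);
    return ra.depth == 0 && rb.depth == 0;
}

int main(void)
{
    /* Exit 0 when the model behaves as described: only the mismatched, unchecked case is unbalanced. */
    return (run_case(true, false) && !run_case(false, false) && run_case(false, true)) ? 0 : 1;
}
```

In the mismatched case the reported shape leaves one lock held and releases another that was never taken, which is the imbalance a path-sensitive checker reports when it cannot prove the two pointer expressions are equal.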

More information about the dri-devel mailing list