<div dir="ltr">If you let me know how, I'll test it</div><br><div class="gmail_quote"><div dir="ltr">On Thu, 9 Jun 2016 at 20:29 Rob Clark <<a href="mailto:robdclark@gmail.com">robdclark@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There were a couple messed up things about this fail path.<br>
(1) it would drop object_name_lock twice<br>
(2) drm_gem_handle_delete() (in drm_gem_remove_prime_handles())<br>
    needs to grab prime_lock<br>
<br>
Reported-by: Alex Deucher <<a href="mailto:alexdeucher@gmail.com" target="_blank">alexdeucher@gmail.com</a>><br>
Signed-off-by: Rob Clark <<a href="mailto:robdclark@gmail.com" target="_blank">robdclark@gmail.com</a>><br>
---<br>
Untested, but I think this should fix the potential deadlock that Alex<br>
reported.  Would be nice if someone with setup to reproduce could test<br>
this.<br>
<br>
 drivers/gpu/drm/drm_prime.c | 10 ++++++----<br>
 1 file changed, 6 insertions(+), 4 deletions(-)<br>
<br>
diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c<br>
index aab0f3f..780589b 100644<br>
--- a/drivers/gpu/drm/drm_prime.c<br>
+++ b/drivers/gpu/drm/drm_prime.c<br>
@@ -593,7 +593,7 @@ int drm_gem_prime_fd_to_handle(struct drm_device *dev,<br>
                get_dma_buf(dma_buf);<br>
        }<br>
<br>
-       /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */<br>
+       /* _handle_create_tail unconditionally unlocks dev->object_name_lock. */<br>
        ret = drm_gem_handle_create_tail(file_priv, obj, handle);<br>
        drm_gem_object_unreference_unlocked(obj);<br>
        if (ret)<br>
@@ -601,11 +601,10 @@ int drm_gem_prime_fd_to_handle(struct drm_device *dev,<br>
<br>
        ret = drm_prime_add_buf_handle(&file_priv->prime,<br>
                        dma_buf, *handle);<br>
+       mutex_unlock(&file_priv->prime.lock);<br>
        if (ret)<br>
                goto fail;<br>
<br>
-       mutex_unlock(&file_priv->prime.lock);<br>
-<br>
        dma_buf_put(dma_buf);<br>
<br>
        return 0;<br>
@@ -615,11 +614,14 @@ fail:<br>
         * to detach.. which seems ok..<br>
         */<br>
        drm_gem_handle_delete(file_priv, *handle);<br>
+       dma_buf_put(dma_buf);<br>
+       return ret;<br>
+<br>
 out_unlock:<br>
        mutex_unlock(&dev->object_name_lock);<br>
 out_put:<br>
-       dma_buf_put(dma_buf);<br>
        mutex_unlock(&file_priv->prime.lock);<br>
+       dma_buf_put(dma_buf);<br>
        return ret;<br>
 }<br>
 EXPORT_SYMBOL(drm_gem_prime_fd_to_handle);<br>
--<br>
2.5.5<br>
<br>
_______________________________________________<br>
dri-devel mailing list<br>
<a href="mailto:dri-devel@lists.freedesktop.org" target="_blank">dri-devel@lists.freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/dri-devel" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/dri-devel</a><br>
</blockquote></div>