[PATCH] dma-buf: fix debugfs versus rcu and fence dumping v2 - Linux-stable-mirror

6 Dec 2018

From: Jérôme Glisse jglisse@redhat.com
The debugfs take reference on fence without dropping them. Also the
rcu section are not well balance. Fix all that ...
Changed since v1:
    - moved fobj logic around to be rcu safe
Signed-off-by: Jérôme Glisse jglisse@redhat.com
Cc: Christian König christian.koenig@amd.com
Cc: Daniel Vetter daniel.vetter@ffwll.ch
Cc: Sumit Semwal sumit.semwal@linaro.org
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Cc: Stéphane Marchesin marcheu@chromium.org
Cc: stable@vger.kernel.org
---
 drivers/dma-buf/dma-buf.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index 13884474d158..9688d99894d6 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -1048,27 +1048,38 @@ static int dma_buf_debug_show(struct seq_file *s, void *unused)
    	while (true) {
    		seq = read_seqcount_begin(&robj->seq);
    		rcu_read_lock();
-			fobj = rcu_dereference(robj->fence);
-			shared_count = fobj ? fobj->shared_count : 0;
    		fence = rcu_dereference(robj->fence_excl);
+			fence = dma_fence_get_rcu(fence);
    		if (!read_seqcount_retry(&robj->seq, seq))
    			break;
    		rcu_read_unlock();
    	}
-
-		if (fence)
+		if (fence) {
    		seq_printf(s, "\tExclusive fence: %s %s %ssignalled\n",
    			   fence->ops->get_driver_name(fence),
    			   fence->ops->get_timeline_name(fence),
    			   dma_fence_is_signaled(fence) ? "" : "un");
-		for (i = 0; i < shared_count; i++) {
+			dma_fence_put(fence);
+		}
+
+		rcu_read_lock();
+		fobj = rcu_dereference(robj->fence);
+		shared_count = fobj ? fobj->shared_count : 0;
+		for (i = 0, fence = NULL; i < shared_count; i++) {
    		fence = rcu_dereference(fobj->shared[i]);
    		if (!dma_fence_get_rcu(fence))
    			continue;
+			rcu_read_unlock();
+
    		seq_printf(s, "\tShared fence: %s %s %ssignalled\n",
    			   fence->ops->get_driver_name(fence),
    			   fence->ops->get_timeline_name(fence),
    			   dma_fence_is_signaled(fence) ? "" : "un");
+			dma_fence_put(fence);
+
+			rcu_read_lock();
+			fobj = rcu_dereference(robj->fence);
+			shared_count = fobj ? fobj->shared_count : 0;
    	}
    	rcu_read_unlock();
-- 
2.17.2


    