mirror of
https://github.com/torvalds/linux.git
synced 2024-11-29 23:51:37 +00:00
fa13e665e0
If there are exported DMA buffers which are still in use and grant device is closed by either normal user-space close or by a signal this leads to the grant device context to be destroyed, thus making it not possible to correctly destroy those exported buffers when they are returned back to gntdev and makes the module crash: [ 339.617540] [<ffff00000854c0d8>] dmabuf_exp_ops_release+0x40/0xa8 [ 339.617560] [<ffff00000867a6e8>] dma_buf_release+0x60/0x190 [ 339.617577] [<ffff0000082211f0>] __fput+0x88/0x1d0 [ 339.617589] [<ffff000008221394>] ____fput+0xc/0x18 [ 339.617607] [<ffff0000080ed4e4>] task_work_run+0x9c/0xc0 [ 339.617622] [<ffff000008089714>] do_notify_resume+0xfc/0x108 Fix this by referencing gntdev on each DMA buffer export and unreferencing on buffer release. Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com> Reviewed-by: Boris Ostrovsky@oracle.com> Signed-off-by: Juergen Gross <jgross@suse.com>
34 lines
943 B
C
34 lines
943 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
/*
|
|
* Xen dma-buf functionality for gntdev.
|
|
*
|
|
* Copyright (c) 2018 Oleksandr Andrushchenko, EPAM Systems Inc.
|
|
*/
|
|
|
|
#ifndef _GNTDEV_DMABUF_H
|
|
#define _GNTDEV_DMABUF_H
|
|
|
|
#include <xen/gntdev.h>
|
|
|
|
struct gntdev_dmabuf_priv;
|
|
struct gntdev_priv;
|
|
|
|
struct gntdev_dmabuf_priv *gntdev_dmabuf_init(struct file *filp);
|
|
|
|
void gntdev_dmabuf_fini(struct gntdev_dmabuf_priv *priv);
|
|
|
|
long gntdev_ioctl_dmabuf_exp_from_refs(struct gntdev_priv *priv, int use_ptemod,
|
|
struct ioctl_gntdev_dmabuf_exp_from_refs __user *u);
|
|
|
|
long gntdev_ioctl_dmabuf_exp_wait_released(struct gntdev_priv *priv,
|
|
struct ioctl_gntdev_dmabuf_exp_wait_released __user *u);
|
|
|
|
long gntdev_ioctl_dmabuf_imp_to_refs(struct gntdev_priv *priv,
|
|
struct ioctl_gntdev_dmabuf_imp_to_refs __user *u);
|
|
|
|
long gntdev_ioctl_dmabuf_imp_release(struct gntdev_priv *priv,
|
|
struct ioctl_gntdev_dmabuf_imp_release __user *u);
|
|
|
|
#endif
|