From: Charan Teja Reddy quic_charante@quicinc.com
When dma_buf_stats_setup() fails, it closes the dmabuf file which results into the calling of dma_buf_file_release() where it does list_del(&dmabuf->list_node) with out first adding it to the proper list. This is resulting into panic in the below path: __list_del_entry_valid+0x38/0xac dma_buf_file_release+0x74/0x158 __fput+0xf4/0x428 ____fput+0x14/0x24 task_work_run+0x178/0x24c do_notify_resume+0x194/0x264 work_pending+0xc/0x5f0
Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the list.
Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") Signed-off-by: Charan Teja Reddy quic_charante@quicinc.com --- drivers/dma-buf/dma-buf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 602b12d..a6fc96e 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -543,10 +543,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) file->f_mode |= FMODE_LSEEK; dmabuf->file = file;
- ret = dma_buf_stats_setup(dmabuf); - if (ret) - goto err_sysfs; - mutex_init(&dmabuf->lock); INIT_LIST_HEAD(&dmabuf->attachments);
@@ -554,6 +550,10 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) list_add(&dmabuf->list_node, &db_list.head); mutex_unlock(&db_list.lock);
+ ret = dma_buf_stats_setup(dmabuf); + if (ret) + goto err_sysfs; + return dmabuf;
err_sysfs:
On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla quic_charante@quicinc.com wrote:
From: Charan Teja Reddy quic_charante@quicinc.com
When dma_buf_stats_setup() fails, it closes the dmabuf file which results into the calling of dma_buf_file_release() where it does list_del(&dmabuf->list_node) with out first adding it to the proper list. This is resulting into panic in the below path: __list_del_entry_valid+0x38/0xac dma_buf_file_release+0x74/0x158 __fput+0xf4/0x428 ____fput+0x14/0x24 task_work_run+0x178/0x24c do_notify_resume+0x194/0x264 work_pending+0xc/0x5f0
Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the list.
Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") Signed-off-by: Charan Teja Reddy quic_charante@quicinc.com
Tested-by: T.J. Mercier tjmercier@google.com Acked-by: T.J. Mercier tjmercier@google.com
drivers/dma-buf/dma-buf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 602b12d..a6fc96e 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -543,10 +543,6 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) file->f_mode |= FMODE_LSEEK; dmabuf->file = file;
ret = dma_buf_stats_setup(dmabuf);if (ret)goto err_sysfs;mutex_init(&dmabuf->lock); INIT_LIST_HEAD(&dmabuf->attachments);@@ -554,6 +550,10 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) list_add(&dmabuf->list_node, &db_list.head); mutex_unlock(&db_list.lock);
ret = dma_buf_stats_setup(dmabuf);if (ret)goto err_sysfs;return dmabuf;err_sysfs:
2.7.4
Hello Mercier,
On 5/10/2022 3:19 AM, T.J. Mercier wrote:
On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla quic_charante@quicinc.com wrote:
From: Charan Teja Reddy quic_charante@quicinc.com
When dma_buf_stats_setup() fails, it closes the dmabuf file which results into the calling of dma_buf_file_release() where it does list_del(&dmabuf->list_node) with out first adding it to the proper list. This is resulting into panic in the below path: __list_del_entry_valid+0x38/0xac dma_buf_file_release+0x74/0x158 __fput+0xf4/0x428 ____fput+0x14/0x24 task_work_run+0x178/0x24c do_notify_resume+0x194/0x264 work_pending+0xc/0x5f0
Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the list.
Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") Signed-off-by: Charan Teja Reddy quic_charante@quicinc.com
Tested-by: T.J. Mercier tjmercier@google.com Acked-by: T.J. Mercier tjmercier@google.com
Thanks for the Ack. Also Realized that it should have: Cc: stable@vger.kernel.org # 5.15.x+
Am 10.05.22 um 04:43 schrieb Charan Teja Kalla:
Hello Mercier,
On 5/10/2022 3:19 AM, T.J. Mercier wrote:
On Mon, May 9, 2022 at 12:50 PM Charan Teja Kalla quic_charante@quicinc.com wrote:
From: Charan Teja Reddy quic_charante@quicinc.com
When dma_buf_stats_setup() fails, it closes the dmabuf file which results into the calling of dma_buf_file_release() where it does list_del(&dmabuf->list_node) with out first adding it to the proper list. This is resulting into panic in the below path: __list_del_entry_valid+0x38/0xac dma_buf_file_release+0x74/0x158 __fput+0xf4/0x428 ____fput+0x14/0x24 task_work_run+0x178/0x24c do_notify_resume+0x194/0x264 work_pending+0xc/0x5f0
Fix it by moving the dma_buf_stats_setup() after dmabuf is added to the list.
Fixes: bdb8d06dfefd ("dmabuf: Add the capability to expose DMA-BUF stats in sysfs") Signed-off-by: Charan Teja Reddy quic_charante@quicinc.com
Tested-by: T.J. Mercier tjmercier@google.com Acked-by: T.J. Mercier tjmercier@google.com
Thanks for the Ack. Also Realized that it should have: Cc: stable@vger.kernel.org # 5.15.x+
Reviewed and pushed to drm-misc-fixes.
Thanks, Christian.
linaro-mm-sig@lists.linaro.org
-
Charan Teja Kalla -
Christian König -
T.J. Mercier