mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-29 15:43:59 +08:00
linux-next/drivers/staging/android
Prakash Kamliya ac5b705b22 staging: android: sync: Signal pt before sync_timeline object gets destroyed
There is a race condition

Assume we have *one* sync_fence object, with *one* sync_pt
which belongs to *one* sync_timeline, given this condition,
sync_timeline->kref will have two counts, one for sync_timeline
(implicit) and another for sync_pt.

Assume following is the situation on CPU

Thread-1 : (Thread which calls sync_timeline_destroy())
  -> (some function calls)
   -> sync_timeline_destroy()
    -> sync_timeline_signal() (CPU is inside this
function after putting reference to sync_timeline)

At this time Thread-2 comes and does following

Thread-2 : (fclose on fence fd)
-> sync_fence_release() -> because of fclose() on fence object
 -> sync_fence_free()
  -> sync_pt_free()
   -> kref_put(&pt->parent->kref, sync_timeline_free);
    -> sync_timeline_free() (CPU is inside this because
this time kref will be zero after _put)

Thread-2 will free sync_timeline object before Thread-1
has finished its work inside sync_timeline_signal.

With this change we signal all sync_pt before putting
reference to sync_timeline object.

Cc: Colin Cross <ccross@android.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
[jstultz: minor commit subject tweak]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-02-07 09:36:27 -08:00
..
ion staging: ion: Fix build warning 2014-02-07 09:03:16 -08:00
trace staging: sync: Add tracepoint support 2013-03-04 17:46:55 +08:00
uapi ion_test: Add compat_ioctl support (v2) 2013-12-19 16:10:25 -08:00
alarm-dev.c staging: alarm-dev: Seperate functions with one blank line 2013-11-19 15:33:39 -08:00
android_alarm.h staging: alarm-dev: Implement compat_ioctl support 2013-01-18 12:37:11 -08:00
ashmem.c staging: ashmem: Avoid deadlock between read and mmap calls 2014-02-07 09:03:16 -08:00
ashmem.h staging: android: ashmem: Add support for 32bit ashmem calls in a 64bit kernel 2013-03-06 08:49:43 +08:00
binder_trace.h Staging: android: binder: Add some tracepoints 2012-10-22 13:04:29 -07:00
binder.c Staging: android: Mark local functions in binder.c as static 2013-09-17 07:47:39 -07:00
binder.h staging: android: binder: fix binder interface for 64bit compat layer 2013-07-23 14:37:22 -07:00
Kconfig gpu: ion: Add ION Memory Manager 2013-12-14 08:50:15 -08:00
logger.c Merge git://git.kvack.org/~bcrl/aio-next 2013-09-13 10:55:58 -07:00
logger.h staging: android: logger: use kuid_t instead of uid_t 2013-05-16 15:37:51 -07:00
lowmemorykiller.c drivers: convert shrinkers to new count/scan API 2013-09-10 18:56:32 -04:00
Makefile ion: Reenable the build 2013-12-15 09:40:11 -08:00
ram_console.h
sw_sync.c android/sw_sync: use get_unused_fd_flags(O_CLOEXEC) instead of get_unused_fd() 2013-08-15 17:26:44 -07:00
sw_sync.h staging: sw_sync: Add stubs for kernels without CONFIG_SW_SYNC 2014-02-07 09:03:16 -08:00
sync.c staging: android: sync: Signal pt before sync_timeline object gets destroyed 2014-02-07 09:36:27 -08:00
sync.h staging: android: Fix typo in android/sync.h 2013-11-11 16:22:17 -08:00
timed_gpio.c staging/android: use module_platform_driver 2012-08-13 19:04:25 -07:00
timed_gpio.h
timed_output.c staging: android: timed_output: fix sysfs file creation race 2013-08-24 10:27:29 -07:00
timed_output.h Staging: android: Remove extern from function prototypes in .h files 2013-09-17 07:47:39 -07:00
TODO