Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/rockchip: Don't grab dev->struct_mutex for in mmap offset ioctl

Since David Herrmann's mmap vma manager rework we don't need to grab
dev->struct_mutex any more to prevent races when looking up the mmap
offset. Drop it and instead don't forget to use the unref_unlocked
variant (since the drm core still cares).

Aside: I stumbled over the mmap handler which directly does a
dma_mmap_attrs. But totally fails to grab a reference on the
underlying object and hence looks like it happily just leaks the ptes
since there's no guarantee the mmap isn't still around when
gem_free_object is called. Which the kerneldoc of dma_mmap_attrs
explicitly forbids.

v2: Fixup compile fail 0-day spotted.

Cc: Mark Yao <mark.yao@rock-chips.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

+4 -8
drivers/gpu/drm/rockchip/rockchip_drm_gem.c
··· 200 200 struct drm_gem_object *obj; 201 201 int ret; 202 202 203 - mutex_lock(&dev->struct_mutex); 204 - 205 203 obj = drm_gem_object_lookup(dev, file_priv, handle); 206 204 if (!obj) { 207 205 DRM_ERROR("failed to lookup gem object.\n"); 208 - ret = -EINVAL; 209 - goto unlock; 206 + return -EINVAL; 210 207 } 211 208 212 209 ret = drm_gem_create_mmap_offset(obj); ··· 214 217 DRM_DEBUG_KMS("offset = 0x%llx\n", *offset); 215 218 216 219 out: 217 - drm_gem_object_unreference(obj); 218 - unlock: 219 - mutex_unlock(&dev->struct_mutex); 220 - return ret; 220 + drm_gem_object_unreference_unlocked(obj); 221 + 222 + return 0; 221 223 } 222 224 223 225 /*
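Review bot: In the second hunk the function tail now ends in `return 0;` where it previously ended in `return ret;`, so any path that reaches `out:` with a non-zero `ret` reports success to the caller. `ret` is still assigned from `drm_gem_create_mmap_offset(obj)` just above; the lines between that call and `out:` are elided in this view, but if they jump to `out:` on failure, the ioctl would return 0 without having written a valid `*offset`. Suggest keeping `return ret;` after `drm_gem_object_unreference_unlocked(obj);`. The commit message describes only dropping the lock and switching to the unlocked unreference, and does not mention a change to the return value.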