dma-buf: Restart reservation_object_wait_timeout_rcu() after writes
authorChris Wilson <chris@chris-wilson.co.uk>
Mon, 29 Aug 2016 07:08:31 +0000 (08:08 +0100)
committerSumit Semwal <sumit.semwal@linaro.org>
Wed, 12 Oct 2016 14:27:14 +0000 (19:57 +0530)
In order to be completely generic, we have to double check the read
seqlock after acquiring a reference to the fence. If the driver is
allocating fences from a SLAB_DESTROY_BY_RCU, or similar freelist, then
within an RCU grace period a fence may be freed and reallocated. The RCU
read side critical section does not prevent this reallocation, instead
we have to inspect the reservation's seqlock to double check if the
fences have been reassigned as we were acquiring our reference.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: http://patchwork.freedesktop.org/patch/msgid/20160829070834.22296-8-chris@chris-wilson.co.uk
drivers/dma-buf/reservation.c

index ba3e25dab95ba6c52b2897c0f0f573041864bba4..648e5d0325f9fc6e7443f3c18d3d665e0a14eeb0 100644 (file)
@@ -388,9 +388,6 @@ retry:
                if (fobj)
                        shared_count = fobj->shared_count;
 
-               if (read_seqcount_retry(&obj->seq, seq))
-                       goto unlock_retry;
-
                for (i = 0; i < shared_count; ++i) {
                        struct fence *lfence = rcu_dereference(fobj->shared[i]);
 
@@ -413,9 +410,6 @@ retry:
        if (!shared_count) {
                struct fence *fence_excl = rcu_dereference(obj->fence_excl);
 
-               if (read_seqcount_retry(&obj->seq, seq))
-                       goto unlock_retry;
-
                if (fence_excl &&
                    !test_bit(FENCE_FLAG_SIGNALED_BIT, &fence_excl->flags)) {
                        if (!fence_get_rcu(fence_excl))
@@ -430,6 +424,11 @@ retry:
 
        rcu_read_unlock();
        if (fence) {
+               if (read_seqcount_retry(&obj->seq, seq)) {
+                       fence_put(fence);
+                       goto retry;
+               }
+
                ret = fence_wait_timeout(fence, intr, ret);
                fence_put(fence);
                if (ret > 0 && wait_all && (i + 1 < shared_count))