drm/i915: take struct_mutex in i915_dma_cleanup()

intel_cleanup_ring_buffer() calls drm_gem_object_unreference() (as
opposed to drm_gem_object_unreference_unlocked()) so it needs to be
called with "struct_mutex" held.  If we don't hold the lock, it triggers
a BUG_ON(!mutex_is_locked(&dev->struct_mutex));

I also audited the other places that call intel_cleanup_ring_buffer()
and they all hold the lock so they're OK.

This was introduced in: 8187a2b70e3 "drm/i915: introduce
intel_ring_buffer structure (V2)" and it's a regression from v2.6.34.

Addresses: https://bugzilla.kernel.org/show_bug.cgi?id=16247

Signed-off-by: Dan Carpenter <error27@gmail.com>
Reported-by: Benny Halevy <bhalevy@panasas.com>
Tested-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: Eric Anholt <eric@anholt.net>

diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
index 4d59710c717e195d955e7849cba4132f72c0adbb..19677ecfe2bf86ce71fcb4b8d9af855f0424c99b 100644 (file)
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -128,9 +128,11 @@ static int i915_dma_cleanup(struct drm_device * dev)
        if (dev->irq_enabled)
                drm_irq_uninstall(dev);
 
+       mutex_lock(&dev->struct_mutex);
        intel_cleanup_ring_buffer(dev, &dev_priv->render_ring);
        if (HAS_BSD(dev))
                intel_cleanup_ring_buffer(dev, &dev_priv->bsd_ring);
+       mutex_unlock(&dev->struct_mutex);
 
        /* Clear the HWS virtual address at teardown */
        if (I915_NEED_GFX_HWS(dev))