From: hyesoo.yu Date: Thu, 13 Sep 2018 08:56:58 +0000 (+0900) Subject: [RAMEN9610-12171] ion: protect buffer id by buffer_lock of device X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8e185e9a359a34f9dadfbf86d0e3da73af2dfbc0;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [RAMEN9610-12171] ion: protect buffer id by buffer_lock of device The exynos_ion_alloc_fixup function set the id for the buffer. The buffer id must be unique. The ida library does its own locking without special requirement to support unique id. However it is possible not to set the unique id when the returned id is error by the ida full or other reason, and the id is set as MAX_BUFFER_ID and updates last_buffer_id as zero because that critical region is not protected by lock. Signed-off-by: hyesoo.yu Change-Id: Idf737b68995278a382c8db5708e13223f46dcf9f --- diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 1303db4a34bd..3316a3431e57 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -113,13 +113,15 @@ static struct ion_buffer *ion_buffer_create(struct ion_heap *heap, buffer->dev = dev; buffer->size = len; - ret = exynos_ion_alloc_fixup(dev, buffer); - if (ret < 0) - goto err1; - INIT_LIST_HEAD(&buffer->iovas); mutex_init(&buffer->lock); mutex_lock(&dev->buffer_lock); + ret = exynos_ion_alloc_fixup(dev, buffer); + if (ret < 0) { + mutex_unlock(&dev->buffer_lock); + goto err1; + } + ion_buffer_add(dev, buffer); mutex_unlock(&dev->buffer_lock); return buffer;