From: hyesoo.yu Date: Thu, 23 Aug 2018 04:49:28 +0000 (+0900) Subject: dma-buf: fix wrong variable of task to check condition X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=94550f1e55bddc55099e9e1cd37b1d7a9eff9aec;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git dma-buf: fix wrong variable of task to check condition dmabuf trace should release all references between task and buffer when the task exit. To know when the task exit, the dmabuf trace registers anon file descriptor and that should be closed only by do_exit. Thus, the task need to have 'PF_EXITING' when closing the file system. If not, it is possible for user to manage file descriptor incorrectly, so we check the flags of task. However, release function could be called by kernel thread though delayed work, we have to check the task from file inode's private data instead of 'current' Change-Id: Id2750fc0f4231817537e183df7bc75d010b348b0 Signed-off-by: hyesoo.yu --- diff --git a/drivers/dma-buf/dma-buf-trace.c b/drivers/dma-buf/dma-buf-trace.c index fe3137e6aaca..862bf8558618 100644 --- a/drivers/dma-buf/dma-buf-trace.c +++ b/drivers/dma-buf/dma-buf-trace.c @@ -129,7 +129,15 @@ static int dmabuf_trace_task_release(struct inode *inode, struct file *file) struct dmabuf_trace_task *task = file->private_data; struct dmabuf_trace_ref *ref, *tmp; - WARN_ON(!(current->group_leader->flags & PF_EXITING)); + if (!(task->task->flags & PF_EXITING)) { + pr_err("%s: Invalid to close '%d' on process '%s'(%x, %x)\n", + __func__, task->task->pid, task->task->comm, + task->task->flags, task->task->state); + + dump_stack(); + } + + put_task_struct(task->task); mutex_lock(&trace_lock); @@ -195,6 +203,9 @@ static struct dmabuf_trace_task *dmabuf_trace_get_task(void) INIT_LIST_HEAD(&task->ref_list); scnprintf(name, 10, "%d", current->group_leader->pid); + + get_task_struct(current->group_leader); + task->task = current->group_leader; task->debug_task = debugfs_create_file(name, 0444, debug_root, task, @@ -228,6 +239,8 @@ err_inode: err_fd: debugfs_remove(task->debug_task); err_debugfs: + put_task_struct(current->group_leader); + kfree(task); return ERR_PTR(ret);