From ce8ef677d55d74149d75a0ccf8e3b493bf68e110 Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Wed, 15 Aug 2012 17:54:38 +0300 Subject: video: tegra: nvmap: fix handle usecount tracking A handle's usecount used to be incremented once during the mmap ioctl, and decremented when the mapping is closed by the kernel. However, that fails if a mapping cloned, for example if the mapping was split due to a munmap, or (presumably) during fork, as the decrement will then happen for each cloned mapping. Therefore increment the usecount when a mapping is opened. Also fix a BUG_ON() that would have caught this bug, if it wouldn't have done the check by checking if the unsigned usecount field is less than zero. Bug 1033981 Change-Id: I72ac9361a19e44f91ffd6b1126f4632e0f7b6726 Signed-off-by: Tuomas Tynkkynen Reviewed-on: http://git-master/r/123710 Reviewed-by: Automatic_Commit_Validation_User GVS: Gerrit_Virtual_Submit Reviewed-by: Krishna Reddy --- drivers/video/tegra/nvmap/nvmap_dev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'drivers/video/tegra') diff --git a/drivers/video/tegra/nvmap/nvmap_dev.c b/drivers/video/tegra/nvmap/nvmap_dev.c index 98b0bcc18ba5..02ccaeec4965 100644 --- a/drivers/video/tegra/nvmap/nvmap_dev.c +++ b/drivers/video/tegra/nvmap/nvmap_dev.c @@ -886,10 +886,11 @@ static void nvmap_vma_open(struct vm_area_struct *vma) struct nvmap_vma_priv *priv; priv = vma->vm_private_data; - BUG_ON(!priv); atomic_inc(&priv->count); + if(priv->handle) + nvmap_usecount_inc(priv->handle); } static void nvmap_vma_close(struct vm_area_struct *vma) @@ -898,8 +899,8 @@ static void nvmap_vma_close(struct vm_area_struct *vma) if (priv) { if (priv->handle) { + BUG_ON(priv->handle->usecount == 0); nvmap_usecount_dec(priv->handle); - BUG_ON(priv->handle->usecount < 0); } if (!atomic_dec_return(&priv->count)) { if (priv->handle) -- cgit v1.2.3