[PATCH 28/30] staging: sync: Fix race condition between merge and signal

From: John Stultz
Date: Thu Feb 28 2013 - 19:44:33 EST


From: Ørjan Eide <orjan.eide@xxxxxxx>

The copied sync_pt was activated immediately. If the sync_pt was
signaled before the entire merge was completed, the new fence's pt_list
could be iterated over while it is still in the process of being
created.

Moving the sync_pt_activate call for all new sync_pts to after both
the sync_fence_copy_pts and the sync_fence_merge_pts calls ensures that
the pt_list is complete and immutable before it can be reached from the
timeline's active list.

Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxx>
Cc: Erik Gilling <konkers@xxxxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Cc: Rob Clark <robclark@xxxxxxxxx>
Cc: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: dri-devel@xxxxxxxxxxxxxxxxxxxxx
Cc: Android Kernel Team <kernel-team@xxxxxxxxxxx>
Signed-off-by: Erik Gilling <konkers@xxxxxxxxxxx>
Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx>
---
drivers/staging/android/sync.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index 1ddc404..bd18c75 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -324,7 +324,6 @@ static int sync_fence_copy_pts(struct sync_fence *dst, struct sync_fence *src)

new_pt->fence = dst;
list_add(&new_pt->pt_list, &dst->pt_list_head);
- sync_pt_activate(new_pt);
}

return 0;
@@ -357,7 +356,6 @@ static int sync_fence_merge_pts(struct sync_fence *dst, struct sync_fence *src)
new_pt->fence = dst;
list_replace(&dst_pt->pt_list,
&new_pt->pt_list);
- sync_pt_activate(new_pt);
sync_pt_free(dst_pt);
}
collapsed = true;
@@ -373,7 +371,6 @@ static int sync_fence_merge_pts(struct sync_fence *dst, struct sync_fence *src)

new_pt->fence = dst;
list_add(&new_pt->pt_list, &dst->pt_list_head);
- sync_pt_activate(new_pt);
}
}

@@ -454,6 +451,7 @@ struct sync_fence *sync_fence_merge(const char *name,
struct sync_fence *a, struct sync_fence *b)
{
struct sync_fence *fence;
+ struct list_head *pos;
int err;

fence = sync_fence_alloc(name);
@@ -468,6 +466,12 @@ struct sync_fence *sync_fence_merge(const char *name,
if (err < 0)
goto err;

+ list_for_each(pos, &fence->pt_list_head) {
+ struct sync_pt *pt =
+ container_of(pos, struct sync_pt, pt_list);
+ sync_pt_activate(pt);
+ }
+
/*
* signal the fence in case one of it's pts were activated before
* they were activated
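Review bot: The activation loop added in sync_fence_merge depends on an ordering requirement that nothing in the code states: every pt must be linked into fence->pt_list_head before the first sync_pt_activate() call, because (per the commit message) activation is what makes the list reachable from the timeline's active list. A short comment above the loop would keep a later change from moving activation back into sync_fence_copy_pts or sync_fence_merge_pts, for example `/* activate only after pt_list is complete; a signal may walk it as soon as one pt is active */`. The loop could also use the typed iterator, `list_for_each_entry(pt, &fence->pt_list_head, pt_list)` followed by `sync_pt_activate(pt);`, with `struct sync_pt *pt;` declared in place of `pos` in the preceding hunk. The function body and the comment after the loop continue outside the hunk, so the error path's handling of never-activated pts cannot be checked from here.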
--
1.7.10.4
