From: Tina Zhang <tina.zhang@intel.com>
Date: Fri, 8 Dec 2017 15:17:38 +0800
Subject: drm/i915/gvt: Refine dmabuf_obj cleanup process
Git-commit: 6ee942d5f7e3e630d3a2517e75969ce5d07c87d6
Patch-mainline: v4.16-rc1
References: FATE#326289 FATE#326079 FATE#326049 FATE#322398 FATE#326166
In the process of dmabuf_obj cleanup, the dmabuf_obj might be freed during
dmabuf_obj_put leaking intel_gvt_hypervisor_put_vfio_device.
Move intel_gvt_hypervisor_put_vfio_device and all the other dmabuf_obj ops
in front of dmabuf_obj_put and let every dmabuf_obj have a chance to call
intel_gvt_hypervisor_put_vfio_device to fix this leaking issue.
Fixes: e3a0d7976c53 ("drm/i915/gvt: Handle orphan dmabuf_objs")
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
drivers/gpu/drm/i915/gvt/dmabuf.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/i915/gvt/dmabuf.c
+++ b/drivers/gpu/drm/i915/gvt/dmabuf.c
@@ -520,19 +520,18 @@ void intel_vgpu_dmabuf_cleanup(struct in
list_for_each_safe(pos, n, &vgpu->dmabuf_obj_list_head) {
dmabuf_obj = container_of(pos, struct intel_vgpu_dmabuf_obj,
list);
+ dmabuf_obj->vgpu = NULL;
+
+ idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id);
+ intel_gvt_hypervisor_put_vfio_device(vgpu);
+ list_del(pos);
+
+ /* dmabuf_obj might be freed in dmabuf_obj_put */
if (dmabuf_obj->initref) {
dmabuf_obj->initref = false;
dmabuf_obj_put(dmabuf_obj);
}
- idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id);
-
- if (dmabuf_obj->vgpu)
- intel_gvt_hypervisor_put_vfio_device(vgpu);
-
- list_del(pos);
- dmabuf_obj->vgpu = NULL;
-
}
mutex_unlock(&vgpu->dmabuf_lock);
}