From 6ee942d5f7e3e630d3a2517e75969ce5d07c87d6 Mon Sep 17 00:00:00 2001 From: Tina Zhang <tina.zhang@intel.com> Date: Fri, 8 Dec 2017 15:17:38 +0800 Subject: [PATCH] drm/i915/gvt: Refine dmabuf_obj cleanup process In the process of dmabuf_obj cleanup, the dmabuf_obj might be freed during dmabuf_obj_put leaking intel_gvt_hypervisor_put_vfio_device. Move intel_gvt_hypervisor_put_vfio_device and all the other dmabuf_obj ops in front of dmabuf_obj_put and let every dmabuf_obj have a chance to call intel_gvt_hypervisor_put_vfio_device to fix this leaking issue. Fixes: e3a0d7976c53 ("drm/i915/gvt: Handle orphan dmabuf_objs") Signed-off-by: Tina Zhang <tina.zhang@intel.com> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> --- drivers/gpu/drm/i915/gvt/dmabuf.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/dmabuf.c b/drivers/gpu/drm/i915/gvt/dmabuf.c index 9c40a67ecdd6..2ab584f97dfb 100644 --- a/drivers/gpu/drm/i915/gvt/dmabuf.c +++ b/drivers/gpu/drm/i915/gvt/dmabuf.c @@ -520,19 +520,18 @@ void intel_vgpu_dmabuf_cleanup(struct intel_vgpu *vgpu) list_for_each_safe(pos, n, &vgpu->dmabuf_obj_list_head) { dmabuf_obj = container_of(pos, struct intel_vgpu_dmabuf_obj, list); + dmabuf_obj->vgpu = NULL; + + idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id); + intel_gvt_hypervisor_put_vfio_device(vgpu); + list_del(pos); + + /* dmabuf_obj might be freed in dmabuf_obj_put */ if (dmabuf_obj->initref) { dmabuf_obj->initref = false; dmabuf_obj_put(dmabuf_obj); } - idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id); - - if (dmabuf_obj->vgpu) - intel_gvt_hypervisor_put_vfio_device(vgpu); - - list_del(pos); - dmabuf_obj->vgpu = NULL; - } mutex_unlock(&vgpu->dmabuf_lock); } -- GitLab