CHROMIUM: android: Unconditionally remove callbacks in sync_fence_free()

Using fence->status to determine whether or not there are callbacks
remaining on the sync_fence is racy since fence->status may have been
decremented to 0 on another CPU before fence_check_cb_func() has
completed.  By unconditionally calling fence_remove_callback() for each
fence in the sync_fence, we guarantee that each callback has either
completed (since fence_remove_callback() grabs the fence lock) or been
removed.

BUG=chrome-os-partner:46382
TEST=Reboot cycle test on Smaug; no crashes seen.

Change-Id: I837180ef633aed3c5ae1e52e0d6ded838342b8fa
Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/305331
Reviewed-by: Puneet Kumar <puneetster@chromium.org>
Andrew Bresticker 2015-10-12 13:31:45 -07:00 committed by John Stultz
commit 46dfd401fb


@ -527,12 +527,10 @@ static const struct fence_ops android_fence_ops = {
static void sync_fence_free(struct kref *kref)
{
struct sync_fence *fence = container_of(kref, struct sync_fence, kref);
int i, status = atomic_read(&fence->status);
int i;
for (i = 0; i < fence->num_fences; ++i) {
if (status)
fence_remove_callback(fence->cbs[i].sync_pt,
&fence->cbs[i].cb);
fence_remove_callback(fence->cbs[i].sync_pt, &fence->cbs[i].cb);
fence_put(fence->cbs[i].sync_pt);
}
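Review bot: the now-unconditional fence_remove_callback() call in the for loop of sync_fence_free() carries no comment explaining why it must not be guarded by fence->status, so the dropped `if (status)` check reads like a missed optimization and could be reintroduced later. A short comment above the call would keep the commit message's reasoning next to the code: fence->status can reach 0 on another CPU before fence_check_cb_func() has completed, and fence_remove_callback() grabs the fence lock, so each callback has either completed or been removed by the time fence_put() runs. The return value of fence_remove_callback() is ignored; since both outcomes are acceptable here, the same comment should say so.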