commit 83e3dab069c2b7620e921edcfcaf9922a6945897
author Rebecca Schultz Zavin <rebecca@android.com> Fri Jul 01 20:41:25 2011 -0700
committer Rebecca Schultz Zavin <rebecca@android.com> Fri Jul 01 20:57:27 2011 -0700
tree 0ccdc92cb5a8c6961ef84876e768259001e7549b
parent b9ea0a971aad8721742ab2a3962350125260b6c0

gpu: ion: Fix bug in ion_client_create

If a process already had a client, ion_client_create
would loop forever.

Change-Id: I723207b5872dfc11be04ca27d38a3cf39c4a1426
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>

drivers/gpu/ion/ion.c

diff --git a/drivers/gpu/ion/ion.c b/drivers/gpu/ion/ion.c
index 6805888..1a63ebf 100644
--- a/drivers/gpu/ion/ion.c
+++ b/drivers/gpu/ion/ion.c
@@ -594,6 +594,29 @@
 	.release = single_release,
 };
 
+static struct ion_client *ion_client_lookup(struct ion_device *dev,
+					    struct task_struct *task)
+{
+	struct rb_node *n = dev->user_clients.rb_node;
+	struct ion_client *client;
+
+	mutex_lock(&dev->lock);
+	while (n) {
+		client = rb_entry(n, struct ion_client, node);
+		if (task == client->task) {
+			ion_client_get(client);
+			mutex_unlock(&dev->lock);
+			return client;
+		} else if (task < client->task) {
+			n = n->rb_left;
+		} else if (task > client->task) {
+			n = n->rb_right;
+		}
+	}
+	mutex_unlock(&dev->lock);
+	return NULL;
+}
+
 struct ion_client *ion_client_create(struct ion_device *dev,
 				     unsigned int heap_mask,
 				     const char *name)
@@ -604,18 +627,11 @@
 	struct rb_node *parent = NULL;
 	struct ion_client *entry;
 	char debug_name[64];
+	pid_t pid;
 
-	client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
-	if (!client)
-		return ERR_PTR(-ENOMEM);
-	client->dev = dev;
-	client->handles = RB_ROOT;
-	mutex_init(&client->lock);
-	client->name = name;
-	client->heap_mask = heap_mask;
 	get_task_struct(current->group_leader);
 	task_lock(current->group_leader);
-	client->pid = task_pid_nr(current->group_leader);
+	pid = task_pid_nr(current->group_leader);
 	/* don't bother to store task struct for kernel threads,
 	   they can't be killed anyway */
 	if (current->group_leader->flags & PF_KTHREAD) {
@@ -625,7 +641,30 @@
 		task = current->group_leader;
 	}
 	task_unlock(current->group_leader);
+
+	/* if this isn't a kernel thread, see if a client already
+	   exists */
+	if (task) {
+		client = ion_client_lookup(dev, task);
+		if (!IS_ERR_OR_NULL(client)) {
+			put_task_struct(current->group_leader);
+			return client;
+		}
+	}
+
+	client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
+	if (!client) {
+		put_task_struct(current->group_leader);
+		return ERR_PTR(-ENOMEM);
+	}
+
+	client->dev = dev;
+	client->handles = RB_ROOT;
+	mutex_init(&client->lock);
+	client->name = name;
+	client->heap_mask = heap_mask;
 	client->task = task;
+	client->pid = pid;
 	kref_init(&client->ref);
 
 	mutex_lock(&dev->lock);
@@ -690,29 +729,6 @@
 	kfree(client);
 }
 
-static struct ion_client *ion_client_lookup(struct ion_device *dev,
-					    struct task_struct *task)
-{
-	struct rb_node *n = dev->user_clients.rb_node;
-	struct ion_client *client;
-
-	mutex_lock(&dev->lock);
-	while (n) {
-		client = rb_entry(n, struct ion_client, node);
-		if (task == client->task) {
-			ion_client_get(client);
-			mutex_unlock(&dev->lock);
-			return client;
-		} else if (task < client->task) {
-			n = n->rb_left;
-		} else if (task > client->task) {
-			n = n->rb_right;
-		}
-	}
-	mutex_unlock(&dev->lock);
-	return NULL;
-}
-
 static void _ion_client_destroy(struct kref *kref)
 {
 	struct ion_client *client = container_of(kref, struct ion_client, ref);