Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 9ad8692a016fb971e0cd96966a19d0d9baad7c06^! / . / drivers / gpu / msm / kgsl_device.h
commit9ad8692a016fb971e0cd96966a19d0d9baad7c06[log] [tgz]
authorJeremy Gebben <jgebben@codeaurora.org>Tue May 08 15:33:23 2012 -0600
committerLinux Build Service Account <lnxbuild@localhost>Tue May 22 13:17:40 2012 -0600
tree18ddb239aa02a8c2e36ea61f68a4f8d597201d6d
parentebdd79ed744d4ea5b32e555eb511ed3b7e6834db [diff] [blame]
msm: kgsl: reference count struct kgsl_context

Per-context timestamps introduced a race condition
between the context destroy ioctl and the waittimestamp
ioctl. The waittimestamp ioctl release device->mutex
while it is waiting to prevent deadlock. It also has
a context pointer, which could be freed from a different
thread while the waiting thread was blocked.

Fix this by adding a reference count to the context
structure, which must be held by any code that maintains
a pointer to a context while the device mutex is not
held. Currently this only happens via waittimestamp.

The "main" reference count removed by userspace
requesting the context to be destroyed. When this
happens kgsl_context_detach() is called, which does
a partial cleanup of the context so that it can
no longer be used to issue commands. Once a context
has been detached, its id field is set to
KGSL_CONTEXT_INVALID. Unfortunately this is needed
by adreno_waittimestamp() so it can correctly stop
waiting in this case. Cleaning up adreno_waittimestamp()
will need to be handled in a separate patch.

CRs-Fixed: 355155
Change-Id: Ib934b467cd077b5ee774de5f297660e418d693e5
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>

diff --git a/drivers/gpu/msm/kgsl_device.h b/drivers/gpu/msm/kgsl_device.h
index 0964458..5b6522a 100644
--- a/drivers/gpu/msm/kgsl_device.h
+++ b/drivers/gpu/msm/kgsl_device.h

@@ -220,6 +220,7 @@
 	.last_expired_ctxt_id = KGSL_CONTEXT_INVALID
 
 struct kgsl_context {
+	struct kref refcount;
 	uint32_t id;
 
 	/* Pointer to the owning device instance */
@@ -380,4 +381,32 @@
 	return pdev->dev.platform_data;
 }
 
+/**
+ * kgsl_context_get - Get context reference count
+ * @context
+ *
+ * Asynchronous code that holds a pointer to a context
+ * must hold a reference count on it. The kgsl device
+ * mutex must be held while the context reference count
+ * is changed.
+ */
+static inline void
+kgsl_context_get(struct kgsl_context *context)
+{
+	kref_get(&context->refcount);
+}
+
+void kgsl_context_destroy(struct kref *kref);
+
+/**
+ * kgsl_context_put - Release context reference count
+ * @context
+ *
+ */
+static inline void
+kgsl_context_put(struct kgsl_context *context)
+{
+	kref_put(&context->refcount, kgsl_context_destroy);
+}
+
 #endif  /* __KGSL_DEVICE_H */