From 9b3d9f917f81aed559d19377c11d6fac3db89fd7 Mon Sep 17 00:00:00 2001
From: Tomer Tayar
Date: Thu, 15 Dec 2022 16:36:53 +0200
Subject: [PATCH] habanalabs: fix dma-buf release handling if dma_buf_fd() fails

The dma-buf private object is freed if a call to dma_buf_fd() fails, and because a file was already associated with the dma-buf in dma_buf_export(), the release op will be called and will use this object.

Mark the 'priv' field as NULL in this case, and avoid accessing it from the release op.

Signed-off-by: Tomer Tayar
Reviewed-by: Oded Gabbay
Signed-off-by: Oded Gabbay
---
 drivers/misc/habanalabs/common/memory.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/misc/habanalabs/common/memory.c b/drivers/misc/habanalabs/common/memory.c
index 6934563667535..a2d24c9a3d1e7 100644
--- a/drivers/misc/habanalabs/common/memory.c
+++ b/drivers/misc/habanalabs/common/memory.c
@@ -1782,7 +1782,12 @@ static void hl_unmap_dmabuf(struct dma_buf_attachment *attachment,
 static void hl_release_dmabuf(struct dma_buf *dmabuf)
 {
 struct hl_dmabuf_priv *hl_dmabuf = dmabuf->priv;
- struct hl_ctx *ctx = hl_dmabuf->ctx;
+ struct hl_ctx *ctx;
+
+ if (!hl_dmabuf)
+ return;
+
+ ctx = hl_dmabuf->ctx;
 
 if (hl_dmabuf->memhash_hnode) {
 mutex_lock(&ctx->mem_hash_lock);
@@ -1822,7 +1827,7 @@ static int export_dmabuf(struct hl_ctx *ctx,
 
 fd = dma_buf_fd(hl_dmabuf->dmabuf, flags);
 if (fd < 0) {
- dev_err(hdev->dev, "failed to get a file descriptor for a dma-buf\n");
+ dev_err(hdev->dev, "failed to get a file descriptor for a dma-buf, %d\n", fd);
 rc = fd;
 goto err_dma_buf_put;
 }
@@ -1835,6 +1840,7 @@ static int export_dmabuf(struct hl_ctx *ctx,
 return 0;
 
 err_dma_buf_put:
+ hl_dmabuf->dmabuf->priv = NULL;
 dma_buf_put(hl_dmabuf->dmabuf);
 return rc;
 }
-- 
2.39.5
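Review bot: The early return on a NULL `dmabuf->priv` at the top of hl_release_dmabuf() carries no comment, and nothing at the `hl_dmabuf->dmabuf->priv = NULL;` line under err_dma_buf_put in export_dmabuf() (third hunk) says the two lines are a pair. Going by the commit message, the private object is freed after dma_buf_fd() fails, so the NULL is the only thing keeping the release op away from freed memory, and a later cleanup that drops either half would bring the use-after-free back. I would add `/* priv is cleared by export_dmabuf() when dma_buf_fd() fails; the object is freed on that path */` above the check and `/* keep hl_release_dmabuf() away from hl_dmabuf, which is freed on this error path */` above the assignment. The early return also skips whatever cleanup follows in the release op, whose body continues outside the hunk, so it is worth confirming that nothing export_dmabuf() does before the dma_buf_fd() call depends on that cleanup.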