video: tegra: nvmap: fix handle usecount tracking
Tuomas Tynkkynen [Wed, 15 Aug 2012 14:54:38 +0000 (17:54 +0300)]
A handle's usecount used to be incremented once during the mmap ioctl,
and decremented when the mapping is closed by the kernel. However, that
fails if a mapping cloned, for example if the mapping was split due to
a munmap, or (presumably) during fork, as the decrement will then happen
for each cloned mapping.

Therefore increment the usecount when a mapping is opened.
Also fix a BUG_ON() that would have caught this bug, if it wouldn't
have done the check by checking if the unsigned usecount field is
less than zero.

Bug 1033981

Change-Id: I72ac9361a19e44f91ffd6b1126f4632e0f7b6726
Signed-off-by: Tuomas Tynkkynen <ttynkkynen@nvidia.com>
Reviewed-on: http://git-master/r/123710
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Krishna Reddy <vdumpa@nvidia.com>

drivers/video/tegra/nvmap/nvmap_dev.c

index 98b0bcc..02ccaee 100644 (file)
@@ -886,10 +886,11 @@ static void nvmap_vma_open(struct vm_area_struct *vma)
        struct nvmap_vma_priv *priv;
 
        priv = vma->vm_private_data;
-
        BUG_ON(!priv);
 
        atomic_inc(&priv->count);
+       if(priv->handle)
+               nvmap_usecount_inc(priv->handle);
 }
 
 static void nvmap_vma_close(struct vm_area_struct *vma)
@@ -898,8 +899,8 @@ static void nvmap_vma_close(struct vm_area_struct *vma)
 
        if (priv) {
                if (priv->handle) {
+                       BUG_ON(priv->handle->usecount == 0);
                        nvmap_usecount_dec(priv->handle);
-                       BUG_ON(priv->handle->usecount < 0);
                }
                if (!atomic_dec_return(&priv->count)) {
                        if (priv->handle)