video: tegra: host: Prevent the race between channel open and close
Gagan Grover [Fri, 4 Nov 2016 11:09:33 +0000 (16:09 +0530)]
Moved fd_install() at the end of the channel_open ioctl. So, the fd
can't be used until open ioctl completes.

Bug 1832094

Change-Id: Ib33d43bf5164418a38f98677d4e3295f3d1c1450
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1248180
(cherry picked from commit e6a41d5c0049c2878543006b67b7ee2b2bbda2ab)
Reviewed-on: http://git-master/r/1249505
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
Tested-by: Winnie Hsu <whsu@nvidia.com>

drivers/video/tegra/host/bus_client.c

index 267a977..ee21c80 100644 (file)
@@ -785,7 +785,6 @@ static long nvhost_channelctl(struct file *filp,
                        put_unused_fd(fd);
                        break;
                }
-               fd_install(fd, file);
 
                err = __nvhost_channelopen(NULL, priv->ch, file);
                if (err) {
@@ -795,6 +794,7 @@ static long nvhost_channelctl(struct file *filp,
                }
 
                ((struct nvhost_channel_open_args *)buf)->channel_fd = fd;
+               fd_install(fd, file);
                break;
        }
        case NVHOST_IOCTL_CHANNEL_GET_SYNCPOINTS: