mirror of
git://nv-tegra.nvidia.com/linux-nv-oot.git
synced 2025-12-24 10:11:26 +03:00
678dc695bb
When one process is trying to duplicate RO handle while other process is trying to free the same RO handle, then race can occur and second process can decrement the dma-buf's refcount and it may reach to 0. The first process can then call get_dma_buf on it, leading to NULL pointer dereference and ultimately to kernel panic. Fix this by taking an extra dma-buf refcount before duplicating the handle and then decrease it once duplication is completed. Bug 3991243 Change-Id: I99901ce19d8a5d23c5192cb10a17efd2ebaf9d3a Signed-off-by: Ketan Patil <ketanp@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2865519 Reviewed-by: svc_kernel_abi <svc_kernel_abi@nvidia.com> Reviewed-by: svcacv <svcacv@nvidia.com> Reviewed-by: Krishna Reddy <vdumpa@nvidia.com> GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>