diff options
author | Tomer Tayar <ttayar@habana.ai> | 2022-07-29 15:30:48 +0200 |
---|---|---|
committer | Oded Gabbay <ogabbay@kernel.org> | 2022-09-18 12:29:51 +0200 |
commit | 5f46217221dfdda94244d88ac6c1354293fc681b (patch) | |
tree | fd85824f40c113ec56dd03b5c26b9fe12d6b3b0a | |
parent | habanalabs: avoid returning a valid handle if map_block() fails (diff) | |
download | linux-5f46217221dfdda94244d88ac6c1354293fc681b.tar.xz linux-5f46217221dfdda94244d88ac6c1354293fc681b.zip |
habanalabs: fix vma fields assignments order in hl_hw_block_mmap()
In hl_hw_block_mmap(), the vma's 'vm_private_data' and 'vm_ops' fields
are assigned before filling the content of the private data.
In between there is a call to the ASIC hw_block_mmap() function, and if
it fails, the vma close function will be called with a bad private data
value.
Fix the order of assignments to avoid this issue.
In hl_hw_block_mmap() the vma's 'vm_private_data and vm_ops are assigned
before setting the
Signed-off-by: Tomer Tayar <ttayar@habana.ai>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
-rw-r--r-- | drivers/misc/habanalabs/common/memory.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/drivers/misc/habanalabs/common/memory.c b/drivers/misc/habanalabs/common/memory.c index 0698c3c363bd..a027fa88889b 100644 --- a/drivers/misc/habanalabs/common/memory.c +++ b/drivers/misc/habanalabs/common/memory.c @@ -1492,23 +1492,22 @@ int hl_hw_block_mmap(struct hl_fpriv *hpriv, struct vm_area_struct *vma) if (!lnode) return -ENOMEM; - vma->vm_ops = &hw_block_vm_ops; - vma->vm_private_data = lnode; - - hl_ctx_get(ctx); - rc = hdev->asic_funcs->hw_block_mmap(hdev, vma, block_id, block_size); if (rc) { - hl_ctx_put(ctx); kfree(lnode); return rc; } + hl_ctx_get(ctx); + lnode->ctx = ctx; lnode->vaddr = vma->vm_start; lnode->size = block_size; lnode->id = block_id; + vma->vm_private_data = lnode; + vma->vm_ops = &hw_block_vm_ops; + mutex_lock(&ctx->hw_block_list_lock); list_add_tail(&lnode->node, &ctx->hw_block_mem_list); mutex_unlock(&ctx->hw_block_list_lock); |