diff options
authorAndrew Bresticker <abrestic@chromium.org>2015-10-12 13:31:45 -0700
committerTom Cherry <tomcherry@google.com>2015-11-06 14:24:53 -0800
commit4f4f7cc39a76fb84ca54631caa9d06dfc12b489d (patch)
parent54a9f8e5ac230b33d8b027b880476d73a4bf5026 (diff)
CHROMIUM: android: Unconditionally remove callbacks in sync_fence_free()
Using fence->status to determine whether or not there are callbacks remaining on the sync_fence is racy since fence->status may have been decremented to 0 on another CPU before fence_check_cb_func() has completed. By unconditionally calling fence_remove_callback() for each fence in the sync_fence, we guarantee that each callback has either completed (since fence_remove_callback() grabs the fence lock) or been removed. BUG=chrome-os-partner:46382 TEST=Reboot cycle test on Smaug; no crashes seen. Change-Id: I837180ef633aed3c5ae1e52e0d6ded838342b8fa Signed-off-by: Andrew Bresticker <abrestic@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/305331 Reviewed-by: Puneet Kumar <puneetster@chromium.org>
1 files changed, 2 insertions, 4 deletions
diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index a18d1c55aca6..da101a506cd2 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -527,12 +527,10 @@ static const struct fence_ops android_fence_ops = {
static void sync_fence_free(struct kref *kref)
struct sync_fence *fence = container_of(kref, struct sync_fence, kref);
- int i, status = atomic_read(&fence->status);
+ int i;
for (i = 0; i < fence->num_fences; ++i) {
- if (status)
- fence_remove_callback(fence->cbs[i].sync_pt,
- &fence->cbs[i].cb);
+ fence_remove_callback(fence->cbs[i].sync_pt, &fence->cbs[i].cb);