21 Feb
2014
21 Feb
'14
7:09 a.m.
On Wed, Jan 29, 2014 at 03:01:53PM +0100, David Herrmann wrote: [...]
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c index c51333e..d3232b6 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c @@ -356,6 +356,45 @@ static void drm_unplug_minor(struct drm_minor *minor) }
/**
- drm_minor_acquire - Acquire a DRM minor
- @minor_id: Minor ID of the DRM-minor
- Looks up the given minor-ID and returns the respective DRM-minor object. The
- refence-count of the underlying device is increased so you must release this
- object with drm_minor_release().
- As long as you hold this minor, it is guaranteed that the object and the
- minor->dev pointer will stay valid! However, the device may get unplugged and
- unregistered while you hold the minor.
- Returns:
- Pointer to minor-object with increased device-refcount, or PTR_ERR on
- failure.
- */
+struct drm_minor *drm_minor_acquire(unsigned int minor_id) +{
- struct drm_minor *minor;
- minor = idr_find(&drm_minors_idr, minor_id);
- if (!minor)
return ERR_PTR(-ENODEV);- drm_dev_ref(minor->dev);
Is it possible that somebody would drop the last reference on the device right between the idr_find() call and drm_dev_ref()? In which case both the device and the minor will have become invalid when drm_dev_ref() is called.
Thierry