Quoting Jason Ekstrand (2017-08-08 23:46:02)
The atomic exchange operation we were doing before in replace_fence was sufficient for the case where it raced with itself. However, if you have a race between a replace_fence and dma_fence_get(syncobj->fence), you may end up with the entire replace_fence happening between the point in time where the one thread gets the syncobj->fence pointer and when it calls dma_fence_get() on it. If this happens, then the reference may be dropped before we get a chance to get a new one.
This doesn't require a spinlock, just dma_fence_get_rcu_safe(). The argument for keeping this patch lies in the merit of later patches.
-Chris
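The interleaving described in the quoted commit message, replayed deterministically in a userspace model. This is an added example, not code from the patch or from the kernel: `struct fence`, `fence_get_unless_zero`, `get_safe`, `replay`, `fa` and `fb` are hypothetical names, and the retry loop is a sketch of the get-unless-zero-then-recheck pattern that an RCU-safe get relies on, with "memory is never freed" standing in for the RCU grace period.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Userspace model (assumption): a fence is released once refs hits 0; no memory is freed. */
struct fence { atomic_int refs; };
static struct fence fa, fb;             /* constructed sample fences */
static _Atomic(struct fence *) slot;    /* stands in for syncobj->fence */

static void fence_put(struct fence *f) { atomic_fetch_sub(&f->refs, 1); }

/* Take a reference only while the fence is still live (refs > 0). */
static int fence_get_unless_zero(struct fence *f) {
    int r = atomic_load(&f->refs);
    while (r > 0)
        if (atomic_compare_exchange_weak(&f->refs, &r, r + 1))
            return 1;
    return 0;
}

/* Writer: exchange the pointer, then drop the slot's reference on the old fence. */
static void replace_fence(struct fence *next) {
    atomic_fetch_add(&next->refs, 1);
    struct fence *old = atomic_exchange(&slot, next);
    if (old) fence_put(old);
}

/* Reader's retry loop, entered with the pointer it has already loaded. */
static struct fence *get_safe(struct fence *seen) {
    for (; seen; seen = atomic_load(&slot)) {
        if (!fence_get_unless_zero(seen))
            continue;                   /* already released: reload the slot */
        if (seen == atomic_load(&slot))
            return seen;                /* still current: reference is valid */
        fence_put(seen);                /* replaced meanwhile: drop and retry */
    }
    return NULL;
}

/* Replay the interleaving from the message; returns the fence the reader ends up holding. */
static struct fence *replay(int safe) {
    atomic_store(&fa.refs, 0); atomic_store(&fb.refs, 0); atomic_store(&slot, NULL);
    replace_fence(&fa);                       /* slot owns the only ref on fa */
    struct fence *seen = atomic_load(&slot);  /* reader fetches the pointer */
    replace_fence(&fb);                       /* whole replace runs: fa drops to 0 */
    if (safe) return get_safe(seen);
    atomic_fetch_add(&seen->refs, 1);         /* plain get on a released fence */
    return seen;
}

int main(void) { return !(replay(0) == &fa && replay(1) == &fb); }
```

With the plain get the reader ends up holding `fa`, whose count had already reached zero; with the retry loop it ends up with a counted reference on `fb`, the fence the slot currently points at.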