diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 5b3e3fdc1599..71065b03012a 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -93,6 +93,7 @@ static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) static void dma_buf_release(struct dentry *dentry) { + struct dma_buf_ext *dmabuf_ext; struct dma_buf *dmabuf; dmabuf = dentry->d_fsdata; @@ -115,13 +116,13 @@ static void dma_buf_release(struct dentry *dentry) if (dmabuf->resv == (struct dma_resv *)&dmabuf[1]) dma_resv_fini(dmabuf->resv); - if (atomic64_read(&dmabuf->num_unique_refs)) + dmabuf_ext = get_dmabuf_ext(dmabuf); + if (atomic64_read(&dmabuf_ext->num_unique_refs)) pr_err("destroying dmabuf with non-zero task refs\n"); - WARN_ON(!list_empty(&dmabuf->attachments)); module_put(dmabuf->owner); kfree(dmabuf->name); - kfree(dmabuf); + kfree(dmabuf_ext); } static int dma_buf_file_release(struct inode *inode, struct file *file) @@ -221,8 +222,7 @@ static int new_task_dmabuf_record(struct task_struct *task, struct dma_buf *dmab rec->dmabuf = dmabuf; rec->refcnt = 1; list_add(&rec->node, &dmabuf_info->dmabufs); - - atomic64_inc(&dmabuf->num_unique_refs); + atomic64_inc(&get_dmabuf_ext(dmabuf)->num_unique_refs); return 0; } @@ -312,7 +312,7 @@ void dma_buf_unaccount_task(struct dma_buf *dmabuf, struct task_struct *task) list_del(&rec->node); kfree(rec); dmabuf_info->rss -= dmabuf->size; - atomic64_dec(&dmabuf->num_unique_refs); + atomic64_dec(&get_dmabuf_ext(dmabuf)->num_unique_refs); } err: spin_unlock(&dmabuf_info->lock); @@ -831,10 +831,11 @@ err_alloc_file: */ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) { + struct dma_buf_ext *dmabuf_ext; struct dma_buf *dmabuf; struct dma_resv *resv = exp_info->resv; struct file *file; - size_t alloc_size = sizeof(struct dma_buf); + size_t alloc_size = sizeof(struct dma_buf_ext); int ret; if (WARN_ON(!exp_info->priv || !exp_info->ops @@ -864,12 +865,13 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) else /* prevent &dma_buf[1] == dma_buf->resv */ alloc_size += 1; - dmabuf = kzalloc(alloc_size, GFP_KERNEL); - if (!dmabuf) { + dmabuf_ext = kzalloc(alloc_size, GFP_KERNEL); + if (!dmabuf_ext) { ret = -ENOMEM; goto err_file; } + dmabuf = &dmabuf_ext->dmabuf; dmabuf->priv = exp_info->priv; dmabuf->ops = exp_info->ops; dmabuf->size = exp_info->size; @@ -888,7 +890,7 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) dmabuf->resv = resv; } - atomic64_set(&dmabuf->num_unique_refs, 0); + atomic64_set(&dmabuf_ext->num_unique_refs, 0); file->private_data = dmabuf; file->f_path.dentry->d_fsdata = dmabuf; diff --git a/fs/proc/base.c b/fs/proc/base.c index 0a3f28f7f1d9..3d78cd1286a5 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3437,7 +3437,7 @@ static int proc_dmabuf_pss_show(struct seq_file *m, struct pid_namespace *ns, spin_lock(&dmabuf_info->lock); list_for_each_entry(rec, &dmabuf_info->dmabufs, node) { - s64 refs = atomic64_read(&rec->dmabuf->num_unique_refs); + s64 refs = atomic64_read(&get_dmabuf_ext(rec->dmabuf)->num_unique_refs); if (refs <= 0) { pr_err("dmabuf has <= refs %lld\n", refs); diff --git a/include/linux/dma-buf.h b/include/linux/dma-buf.h index 654085da8bc4..d9487fb2e549 100644 --- a/include/linux/dma-buf.h +++ b/include/linux/dma-buf.h @@ -535,6 +535,11 @@ struct dma_buf { } *sysfs_entry; #endif + ANDROID_KABI_RESERVE(1); + ANDROID_KABI_RESERVE(2); +}; + +struct dma_buf_ext { /** * @num_unique_refs: * @@ -542,10 +547,18 @@ struct dma_buf { */ atomic64_t num_unique_refs; - ANDROID_KABI_RESERVE(1); - ANDROID_KABI_RESERVE(2); + /* + * dma_buf can have a reservation object after it, so keep this member + * at the end of this structure. + */ + struct dma_buf dmabuf; }; +static inline struct dma_buf_ext *get_dmabuf_ext(struct dma_buf *dmabuf) +{ + return container_of(dmabuf, struct dma_buf_ext, dmabuf); +} + /** * struct dma_buf_attach_ops - importer operations for an attachment *