From: Stanislav Vorobiov <s.vorobiov@samsung.com>
Date: Fri, 19 Jul 2013 16:35:30 +0000 (+0400)
Subject: VIGS: Don't call TTM's vm_close
X-Git-Tag: submit/tizen_common/20140905.094502~144
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e7822c48ebf95463e5e3c4d1b8a4f38944576767;p=sdk%2Femulator%2Femulator-kernel.git

VIGS: Don't call TTM's vm_close

TTM's vm_close sets vm_private_data to NULL even if VMA is
still referenced, we don't want this since this may cause
a NULL pointer dereference. And this indeed happens sometimes
on wayland

Change-Id: Idf4af80ef0d472a1a480491cb56e6cc8d9d39123
---

diff --git a/drivers/gpu/drm/vigs/vigs_mman.c b/drivers/gpu/drm/vigs/vigs_mman.c
index 341f5097cfd2..3e64c66a29f4 100644
--- a/drivers/gpu/drm/vigs/vigs_mman.c
+++ b/drivers/gpu/drm/vigs/vigs_mman.c
@@ -391,7 +391,8 @@ static void vigs_mman_vma_release(struct kref *kref)
 {
     struct vigs_mman_vma *vigs_vma =
         container_of(kref, struct vigs_mman_vma, kref);
-    struct ttm_buffer_object *bo = vigs_vma->vma->vm_private_data;
+    struct vm_area_struct *vma = vigs_vma->vma;
+    struct ttm_buffer_object *bo = vma->vm_private_data;
     struct vigs_mman *mman = bo_dev_to_vigs_mman(bo->bdev);
 
     mman->ops->cleanup_vma(mman->user_data, &vigs_vma->data[0]);
@@ -399,6 +400,12 @@ static void vigs_mman_vma_release(struct kref *kref)
     vigs_vma->vma->vm_ops = &vigs_ttm_vm_ops;
 
     kmem_cache_free(mman->vma_cache, vigs_vma);
+
+    /*
+     * TTM doesn't implement proper reference count for BOs,
+     * so we do it ourselves.
+     */
+    ttm_vm_ops->close(vma);
 }
 
 /*
@@ -560,8 +567,6 @@ static void vigs_ttm_open(struct vm_area_struct *vma)
     struct vigs_mman_vma *vigs_vma = (struct vigs_mman_vma*)vma->vm_ops;
 
     kref_get(&vigs_vma->kref);
-
-    ttm_vm_ops->open(vma);
 }
 
 static void vigs_ttm_close(struct vm_area_struct *vma)
@@ -569,8 +574,6 @@ static void vigs_ttm_close(struct vm_area_struct *vma)
     struct vigs_mman_vma *vigs_vma = (struct vigs_mman_vma*)vma->vm_ops;
 
     kref_put(&vigs_vma->kref, &vigs_mman_vma_release);
-
-    ttm_vm_ops->close(vma);
 }
 
 static int vigs_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)