From 5b4f3d16080fa294d95bc6d6af54d42b54f0f535 Mon Sep 17 00:00:00 2001
From: Lynus Vaz <lvaz@codeaurora.org>
Date: Fri, 8 Sep 2017 17:27:56 +0530
Subject: [PATCH] msm: kgsl: Bail out when two threads add sparse bindings

If we find that a different thread has already added bindings at the
same offset we wanted to add to the sparse object, don't get stuck in
an infinite loop, and return with an error.

Change-Id: I6b17c91eccb14c07e13cae24135dfe7b13f3301d
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
---
 drivers/gpu/msm/kgsl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
index c46d5ee3c468..32201280284e 100644
--- a/drivers/gpu/msm/kgsl.c
+++ b/drivers/gpu/msm/kgsl.c
@@ -3467,10 +3467,16 @@ static int _sparse_add_to_bind_tree(struct kgsl_mem_entry *entry,
 		parent = *node;
 		this = rb_entry(parent, struct sparse_bind_object, node);
 
-		if (new->v_off < this->v_off)
+		if ((new->v_off < this->v_off) &&
+			((new->v_off + new->size) <= this->v_off))
 			node = &parent->rb_left;
-		else if (new->v_off > this->v_off)
+		else if ((new->v_off > this->v_off) &&
+			(new->v_off >= (this->v_off + this->size)))
 			node = &parent->rb_right;
+		else {
+			kfree(new);
+			return -EADDRINUSE;
+		}
 	}
 
 	rb_link_node(&new->node, parent, node);