From c4e16abf94bc5c7c0c6aba8a32c5ceab6369f2fe Mon Sep 17 00:00:00 2001
From: Deepak Kumar <dkumar@codeaurora.org>
Date: Fri, 16 Feb 2018 11:46:26 +0530
Subject: [PATCH] msm: kgsl: Prevent race condition when freeing memory

Add a check to set the pending_free flag if it is not already
set before freeing sparse memory entry. This is required to
prevent multiple ioctl threads from freeing the same sparse
memory entry.

Change-Id: I4e2bbe6fcd98c58d36340c4f87cdff27fc1de22e
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
---
 drivers/gpu/msm/kgsl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/gpu/msm/kgsl.c b/drivers/gpu/msm/kgsl.c
index 294e9ac8dbc6..cc3e79dc29bf 100644
--- a/drivers/gpu/msm/kgsl.c
+++ b/drivers/gpu/msm/kgsl.c
@@ -3356,7 +3356,13 @@ long kgsl_ioctl_sparse_phys_free(struct kgsl_device_private *dev_priv,
 	if (entry == NULL)
 		return -EINVAL;
 
+	if (!kgsl_mem_entry_set_pend(entry)) {
+		kgsl_mem_entry_put(entry);
+		return -EBUSY;
+	}
+
 	if (entry->memdesc.cur_bindings != 0) {
+		kgsl_mem_entry_unset_pend(entry);
 		kgsl_mem_entry_put(entry);
 		return -EINVAL;
 	}
@@ -3425,7 +3431,13 @@ long kgsl_ioctl_sparse_virt_free(struct kgsl_device_private *dev_priv,
 	if (entry == NULL)
 		return -EINVAL;
 
+	if (!kgsl_mem_entry_set_pend(entry)) {
+		kgsl_mem_entry_put(entry);
+		return -EBUSY;
+	}
+
 	if (entry->bind_tree.rb_node != NULL) {
+		kgsl_mem_entry_unset_pend(entry);
 		kgsl_mem_entry_put(entry);
 		return -EINVAL;
 	}