Linux-ARM-MSM Archive on
 help / color / Atom feed
From: Srinivas Kandagatla <>
To: Jorge Ramirez <>
Cc: Greg KH <>,, linux-arm-msm <>,
	Linux Kernel Mailing List <>,
	Mayank Chopra <>
Subject: Re: [PATCH 4/5] misc: fastrpc: fix double refcounting on dmabuf
Date: Wed, 28 Aug 2019 09:48:03 +0100
Message-ID: <> (raw)
In-Reply-To: <>

On 28/08/2019 08:50, Jorge Ramirez wrote:
> On 8/27/19 23:45, Srinivas Kandagatla wrote:
>> On 23/08/2019 16:23, Jorge Ramirez-Ortiz wrote:
>>> can you add me as a co-author to this patch please?
>> No problem I can do that if you feel so!
> yes please. thanks!
>>> since I spent about a day doing the analysis, sent you  a fix that
>>> maintained the API used by the library and explained you how to
>>> reproduce the issue I think it is just fair. > the  fact that the api
>>> could be be modified and the fix be done a bit
>>> differently- free dma buf ioctl removed- seems just a minor
>>> implementation detail to me.
>> No, that's not true, this is a clear fastrpc design issue.
> IMO the ioctls defines the contract with userspace and the contract
> establishes that userspace must call deallocate. the kernel wrongly
> implemented to that contract since it doesn't handle the cases where
> userspace can't send the release calls which leads to memory leaks. this
> is what I meant by and implementation issue.
> if we had many fastrpc users, rolling out the design change that you
> propose - removing an ioctl- would definitively have an impact. But
> since that is not yet the case, there is not doubt that your patch makes
> more sense.

Exactly before it make a way into other projects!

> but my point was that there is not a huge gap in efforts between doing
> one or the other.

Thats not the point, point is about right fix!

>> Userspace is already doing a refcount via mmap/unmap on that dmabuf fd,
>> having an additional api adds another level of refcount which is totally
>> redundant and is the root cause for this leak.
> yes it is redundant but is not the root cause for this leak. the root
> cause is that the driver doesnt handle the case where userspace didnt or
> was not able to call release (and that is no more than adding allocated
> buffers to a list and clean on exit)

I don't agree with you on that. We should not take an extra refcount in 
first place in driver.

let me explain it one more time!

dmabuf has to be mmaped in userspace app before it is used, and
"Memory mappings that were created in the process shall be unmapped 
before the process is destroyed" so the refcount is taken care by 
mmap/unmap automatically.



  reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-23 10:06 [PATCH 0/5] misc: fastrpc: few fixes Srinivas Kandagatla
2019-08-23 10:06 ` [PATCH 1/5] misc: fastrpc: Reference count channel context Srinivas Kandagatla
2019-08-28 20:53   ` Greg KH
2019-08-23 10:06 ` [PATCH 2/5] misc: fastrpc: Don't reference rpmsg_device after remove Srinivas Kandagatla
2019-08-28 15:41   ` Stephen Boyd
2019-08-23 10:06 ` [PATCH 3/5] misc: fastrpc: remove unused definition Srinivas Kandagatla
2019-08-23 10:06 ` [PATCH 4/5] misc: fastrpc: fix double refcounting on dmabuf Srinivas Kandagatla
     [not found]   ` <>
2019-08-27 21:45     ` Srinivas Kandagatla
2019-08-28  7:50       ` Jorge Ramirez
2019-08-28  8:48         ` Srinivas Kandagatla [this message]
2019-08-28 10:35           ` Jorge Ramirez
2019-08-23 10:06 ` [PATCH 5/5] misc: fastrpc: free dma buf scatter list Srinivas Kandagatla

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-ARM-MSM Archive on

Archives are clonable:
	git clone --mirror linux-arm-msm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-arm-msm linux-arm-msm/ \
	public-inbox-index linux-arm-msm

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone