video: tegra: nvmap: fix use-after-free race condition
Incremented nvmap_handle ref count in utility function
nvmap_get_id_from_dmabuf_fd() before the function release reference
to dma buffer. This is required to avoid race conditions in nvmap
code where nvmap_handle returned by this function could be freed
concurrently while the caller is still using it.
As a side effect of above change, every caller of this utility
function must decrement nvmap_handle ref count after using the
returned nvmap_handle.
Bug
1553082
Change-Id: Iffc2e5819f8b493d5ed95a9d0c422ccd52438965
Signed-off-by: Maneet Singh <mmaneetsingh@nvidia.com>
Reviewed-on: http://git-master/r/498135
(cherry picked from commit
afddea745cc4f4a824be501ecbbb50f55e7e6f04)
Reviewed-on: http://git-master/r/556843
Reviewed-by: Mitch Luban <mluban@nvidia.com>
Tested-by: Mitch Luban <mluban@nvidia.com>
projects / sojka / nv-tegra / linux-3.10.git / commit