diff options
Diffstat (limited to 'drivers/android/binder_alloc.c')
| -rw-r--r-- | drivers/android/binder_alloc.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 8fe165844e47..064f5e31ec55 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c | |||
| @@ -913,6 +913,7 @@ enum lru_status binder_alloc_free_page(struct list_head *item, | |||
| 913 | struct binder_alloc *alloc; | 913 | struct binder_alloc *alloc; |
| 914 | uintptr_t page_addr; | 914 | uintptr_t page_addr; |
| 915 | size_t index; | 915 | size_t index; |
| 916 | struct vm_area_struct *vma; | ||
| 916 | 917 | ||
| 917 | alloc = page->alloc; | 918 | alloc = page->alloc; |
| 918 | if (!mutex_trylock(&alloc->mutex)) | 919 | if (!mutex_trylock(&alloc->mutex)) |
| @@ -923,16 +924,22 @@ enum lru_status binder_alloc_free_page(struct list_head *item, | |||
| 923 | 924 | ||
| 924 | index = page - alloc->pages; | 925 | index = page - alloc->pages; |
| 925 | page_addr = (uintptr_t)alloc->buffer + index * PAGE_SIZE; | 926 | page_addr = (uintptr_t)alloc->buffer + index * PAGE_SIZE; |
| 926 | if (alloc->vma) { | 927 | vma = alloc->vma; |
| 928 | if (vma) { | ||
| 927 | mm = get_task_mm(alloc->tsk); | 929 | mm = get_task_mm(alloc->tsk); |
| 928 | if (!mm) | 930 | if (!mm) |
| 929 | goto err_get_task_mm_failed; | 931 | goto err_get_task_mm_failed; |
| 930 | if (!down_write_trylock(&mm->mmap_sem)) | 932 | if (!down_write_trylock(&mm->mmap_sem)) |
| 931 | goto err_down_write_mmap_sem_failed; | 933 | goto err_down_write_mmap_sem_failed; |
| 934 | } | ||
| 935 | |||
| 936 | list_lru_isolate(lru, item); | ||
| 937 | spin_unlock(lock); | ||
| 932 | 938 | ||
| 939 | if (vma) { | ||
| 933 | trace_binder_unmap_user_start(alloc, index); | 940 | trace_binder_unmap_user_start(alloc, index); |
| 934 | 941 | ||
| 935 | zap_page_range(alloc->vma, | 942 | zap_page_range(vma, |
| 936 | page_addr + alloc->user_buffer_offset, | 943 | page_addr + alloc->user_buffer_offset, |
| 937 | PAGE_SIZE); | 944 | PAGE_SIZE); |
| 938 | 945 | ||
| @@ -950,13 +957,12 @@ enum lru_status binder_alloc_free_page(struct list_head *item, | |||
| 950 | 957 | ||
| 951 | trace_binder_unmap_kernel_end(alloc, index); | 958 | trace_binder_unmap_kernel_end(alloc, index); |
| 952 | 959 | ||
| 953 | list_lru_isolate(lru, item); | 960 | spin_lock(lock); |
| 954 | |||
| 955 | mutex_unlock(&alloc->mutex); | 961 | mutex_unlock(&alloc->mutex); |
| 956 | return LRU_REMOVED; | 962 | return LRU_REMOVED_RETRY; |
| 957 | 963 | ||
| 958 | err_down_write_mmap_sem_failed: | 964 | err_down_write_mmap_sem_failed: |
| 959 | mmput(mm); | 965 | mmput_async(mm); |
| 960 | err_get_task_mm_failed: | 966 | err_get_task_mm_failed: |
| 961 | err_page_already_freed: | 967 | err_page_already_freed: |
| 962 | mutex_unlock(&alloc->mutex); | 968 | mutex_unlock(&alloc->mutex); |