From 705db77517887eb58b2e73bb8c1b64b7878cd9fa Mon Sep 17 00:00:00 2001
From: Wenkui <kui.wen@intel.com>
Date: Thu, 14 Nov 2024 02:34:55 +0000
Subject: [PATCH] I915: optimize create/remove syfs entry for memtrack
 interface

Fix the panic issue:

[   28.635141] BUG: unable to handle page fault for address: 0000000110874038
[   28.637556] #PF: supervisor read access in kernel mode
[   28.638812] #PF: error_code(0x0000) - not-present page
[   28.639678] PGD 0 P4D 0
[   28.640076] Oops: 0000 [#1] PREEMPT SMP NOPTI
[   28.641086] CPU: 0 PID: 1220 Comm: HwBinder:535_4 Tainted: G S   U  W  O       6.1.105-android14-0-g30187d714e80-dirty #8
[   28.643061] RIP: 0010:strlen+0x10/0x30
[   28.643603] Code: cc cc cc cc cc 00 00 cc cc 00 90 90 90 90 90 90 90 90 90 90 90 b8 6f 23 7e aa 55 48 89 e5 48 c7 c0 ff ff ff ff 0f 1f 44 00 00 <80> 7c 07 01 00 48 8d 40 01 75 f5 5d c3 cc cc cc cc cc 00 00 cc cc
[   28.646457] RSP: 0018:ffffbe58c4ad3cd8 EFLAGS: 00010202
[   28.647788] RAX: ffffffffffffffff RBX: 0000000110874038 RCX: 0000000000000001
[   28.649613] RDX: 0000000000000000 RSI: 0000000110874038 RDI: 0000000110874038
[   28.651425] RBP: ffffbe58c4ad3cd8 R08: 0000000000000001 R09: 0000000000000000
[   28.652841] R10: 0000000000000000 R11: ffffffff8a0e7160 R12: ffff9947ac97e1b8
[   28.654287] R13: 0000000000000011 R14: 0000000000000000 R15: ffff99478fd15a10
[   28.655991] FS:  000077b35c92e000(0000) GS:ffff994d63600000(0000) knlGS:0000000000000000
[   28.657640] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.658560] CR2: 0000000110874038 CR3: 0000000109af4002 CR4: 0000000000770eb0
[   28.659677] PKRU: 55555554
[   28.660122] Call Trace:
[   28.660535]  <TASK>
[   28.660902]  ? __die_body+0x68/0xb0
[   28.661525]  ? __die+0x9f/0xb0
[   28.662022]  ? page_fault_oops+0x364/0x3c0
[   28.662673]  ? lock_release+0x87/0x490
[   28.663317]  ? probe_sched_wakeup+0x2f/0x40
[   28.664394]  ? do_user_addr_fault+0x6d0/0x740
[   28.664938]  ? rcu_read_unlock+0x5f/0x70
[   28.665580]  ? irqentry_enter+0x34/0x50
[   28.666366]  ? exc_page_fault+0x41/0x110
[   28.667147]  ? exc_page_fault+0x7b/0x110
[   28.667999]  ? asm_exc_page_fault+0x27/0x30
[   28.668910]  ? __cfi_x2apic_send_IPI+0x10/0x10
[   28.670128]  ? strlen+0x10/0x30
[   28.671099]  kernfs_find_ns+0x74/0x200
[   28.671908]  kernfs_remove_by_name_ns+0x4b/0xb0
[   28.672862]  i915_gem_remove_sysfs_file_entry+0xe6/0x130
[   28.673926]  i915_driver_postclose+0x4c/0xa0

Tracked-On: OAM-126310
Signed-off-by: Wenkui <kui.wen@intel.com>
---
 drivers/gpu/drm/i915/i915_gpu_error.h |  1 +
 drivers/gpu/drm/i915/i915_sysfs.c     | 21 +++++++++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h
index 666f307ad1784..227cb4cc4d903 100644
--- a/drivers/gpu/drm/i915/i915_gpu_error.h
+++ b/drivers/gpu/drm/i915/i915_gpu_error.h
@@ -278,6 +278,7 @@ static inline void
 i915_error_state_buf_release(struct drm_i915_error_state_buf *eb)
 {
 	kfree(eb->buf);
+	eb->buf = NULL;
 }
 #endif
 
diff --git a/drivers/gpu/drm/i915/i915_sysfs.c b/drivers/gpu/drm/i915/i915_sysfs.c
index a1a7fc8171b39..483a78f5e2f98 100644
--- a/drivers/gpu/drm/i915/i915_sysfs.c
+++ b/drivers/gpu/drm/i915/i915_sysfs.c
@@ -407,7 +407,7 @@ int i915_gem_create_sysfs_file_entry(struct drm_device *dev,
 		struct drm_i915_file_private *file_priv_local =
 			file_local->driver_priv;
 
-		if (file_priv->tgid == file_priv_local->tgid) {
+		if (pid_nr(file_priv->tgid) == pid_nr(file_priv_local->tgid)) {
 			file_priv->obj_attr = file_priv_local->obj_attr;
 			mutex_unlock(&dev->filelist_mutex);
 			return 0;
@@ -439,7 +439,6 @@ int i915_gem_create_sysfs_file_entry(struct drm_device *dev,
 	obj_attr->attr.mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
 	obj_attr->size = 0;
 	obj_attr->read = i915_gem_read_objects;
-
 	attr_priv->tgid = file_priv->tgid;
 	obj_attr->private = attr_priv;
 
@@ -487,19 +486,29 @@ void i915_gem_remove_sysfs_file_entry(struct drm_device *dev,
 	}
 	mutex_unlock(&dev->filelist_mutex);
 
+	mutex_lock(&drm_global_mutex);
 	if (open_count == 1) {
 		struct i915_gem_file_attr_priv *attr_priv;
 
-		if (WARN_ON(file_priv->obj_attr == NULL))
-			return;
+		if (file_priv->obj_attr == NULL)
+			goto out;
+
 		attr_priv = file_priv->obj_attr->private;
+		if (attr_priv == NULL)
+			goto out;
 
 		sysfs_remove_bin_file(&dev_priv->memtrack_kobj,
 				      file_priv->obj_attr);
-		i915_error_state_buf_release(&attr_priv->buf);
-		kfree(file_priv->obj_attr->private);
+		if (attr_priv->buf.buf)
+			i915_error_state_buf_release(&attr_priv->buf);
+		kfree(attr_priv);
+		attr_priv = NULL;
 		kfree(file_priv->obj_attr);
+		file_priv->obj_attr = NULL;
 	}
+
+out:
+	mutex_unlock(&drm_global_mutex);
 }
 
 static struct bin_attribute i915_gem_client_state_attr = {