msm: camera: smmu: Use dmabuf inode num as unique identifier

'fd' can be closed in user mode driver, though corresponding dmabuf is still not freed if someone still holding a refCount on that dmabuf, say camera smmu driver holding a refCOunt and has that in its mapping info table. Then the same 'fd' can be allotted for a different buffer in a new allocation. In such cases, if we use 'fd' as identifier in camera smmu driver to check if the buffer is already mapped based on mapping info table, we mistakenly think the new buffer is already mapped which is not the case. DMA buf's inode num is an unique identifier that represents a buffer. Use this along with 'fd' in camera smmu driver to see if the given buffer is already mapped. CRs-Fixed: 2961136 Change-Id: I5baac99e3badaca3a376ecd724a7a7aa6da112a4 Signed-off-by: Pavan Kumar Chilamkurthi <pchilamk@codeaurora.org>
2021-06-03 02:26:57 -07:00
--- a/drivers/cam_req_mgr/cam_mem_mgr.h
+++ b/drivers/cam_req_mgr/cam_mem_mgr.h
@@ -34,6 +34,7 @@ enum cam_smmu_mapping_client {
 * @hdls:        list of mapped handles
 * @num_hdl:     number of handles
 * @fd:          file descriptor of buffer
+ * @i_ino:       inode number of this dmabuf. Uniquely identifies a buffer
 * @buf_handle:  unique handle for buffer
 * @align:       alignment for allocation
 * @len:         size of buffer
@@ -51,6 +52,7 @@ struct cam_mem_buf_queue {
 	int32_t hdls[CAM_MEM_MMU_MAX_HANDLE];
 	int32_t num_hdl;
 	int32_t fd;
+	unsigned long i_ino;
 	int32_t buf_handle;
 	int32_t align;
 	size_t len;