From bb4aa8a3eab117ce539e9c39a41c7a5223aee2da Mon Sep 17 00:00:00 2001 From: Asahi Lina Date: Wed, 21 Dec 2022 17:25:22 +0900 Subject: [PATCH] panfrost: Fix race condition in BO imports When importing a BO, if it is already imported, then the handle will alias an existing BO instance. It is possible for the existing owner to free the BO after the import and leave a dangling handle before we get a chance to increase the refcount, so we need to lock the BO table mutex before importing, to make sure nobody else goes through the free path during that window. Reviewed-by: Alyssa Rosenzweig Signed-off-by: Asahi Lina Part-of: --- src/panfrost/lib/pan_bo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/panfrost/lib/pan_bo.c b/src/panfrost/lib/pan_bo.c index 145a039092a..a5ca834d942 100644 --- a/src/panfrost/lib/pan_bo.c +++ b/src/panfrost/lib/pan_bo.c @@ -464,10 +464,11 @@ panfrost_bo_import(struct panfrost_device *dev, int fd) ASSERTED int ret; unsigned gem_handle; + pthread_mutex_lock(&dev->bo_map_lock); + ret = drmPrimeFDToHandle(dev->fd, fd, &gem_handle); assert(!ret); - pthread_mutex_lock(&dev->bo_map_lock); bo = pan_lookup_bo(dev, gem_handle); if (!bo->dev) {
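Review bot: The `pthread_mutex_lock(&dev->bo_map_lock);` now placed ahead of `drmPrimeFDToHandle()` in `panfrost_bo_import()` carries no comment in the code saying why the lock has to cover the ioctl, so a later cleanup could move it back next to `pan_lookup_bo()` and reopen the window the commit message describes. A short comment at the lock call would keep the ordering from being undone; it should state that the returned handle may alias an existing BO whose owner can free it before the refcount is raised. Separately, the result of the import is only checked by `assert(!ret);` on an `ASSERTED int ret`. In builds where asserts are compiled out, a failed `drmPrimeFDToHandle()` proceeds to `pan_lookup_bo(dev, gem_handle)` with an unset `gem_handle` while the mutex is held, so an explicit error path that unlocks and bails out would be safer than relying on the assert.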