drm/gma500: Use correct unref in the gem bo create function

commit d3e376f52d095103ca51dbda4d6ff8aaf488f98f upstream.

This is called without dev->struct_mutex held, we need to use the
_unlocked variant.

Never caught in the wild since you'd need an evil userspace which
races a gem_close ioctl call with the in-progress open.

Cc: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Acked-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1448271183-20523-17-git-send-email-daniel.vetter@ffwll.ch
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/gpu/drm/gma500/gem.c b/drivers/gpu/drm/gma500/gem.c
index c707fa6fca85bac195b824c7dcdb885074161f9a..e3bdc8b1c32c0786aacea4261351ef9fc5e92ef1 100644 (file)
--- a/drivers/gpu/drm/gma500/gem.c
+++ b/drivers/gpu/drm/gma500/gem.c
@@ -130,7 +130,7 @@ int psb_gem_create(struct drm_file *file, struct drm_device *dev, u64 size,
                return ret;
        }
        /* We have the initial and handle reference but need only one now */
-       drm_gem_object_unreference(&r->gem);
+       drm_gem_object_unreference_unlocked(&r->gem);
        *handlep = handle;
        return 0;
 }