From: Bhaumik Bhatt <bbhatt@codeaurora.org>
To: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: loic.poulain@linaro.org, jhugo@codeaurora.org,
gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
linux-arm-msm@vger.kernel.org, hemantk@codeaurora.org,
ath11k@lists.infradead.org, kvalo@codeaurora.org
Subject: Re: [PATCH 1/1] mhi: Fix double dma free
Date: Wed, 10 Feb 2021 09:45:13 -0800 [thread overview]
Message-ID: <a6771f11aa2b3e032223e94f744d2f32@codeaurora.org> (raw)
In-Reply-To: <20210210082538.2494-2-manivannan.sadhasivam@linaro.org>
On 2021-02-10 12:25 AM, Manivannan Sadhasivam wrote:
> From: Loic Poulain <loic.poulain@linaro.org>
>
> mhi_deinit_chan_ctxt functionthat takes care of unitializing channel
s/functionthat/function that, uninitializing
> resources, including unmapping coherent MHI areas, can be called
> from different path in case of controller unregistering/removal:
> - From a client driver remove callback, via mhi_unprepare_channel
> - From mhi_driver_remove that unitialize all channels
uninitialize
>
> mhi_driver_remove()
> |-> driver->remove()
> | |-> mhi_unprepare_channel()
> | |-> mhi_deinit_chan_ctxt()
> |...
> |-> mhi_deinit_chan_ctxt()
>
> This leads to double dma freeing...
>
> Fix that by preventing deinit for already uninitialized channel.
>
> Fixes: a7f422f2f89e ("bus: mhi: Fix channel close issue on driver
> remove")
> Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
> Reported-by: Kalle Valo <kvalo@codeaurora.org>
> Tested-by: Kalle Valo <kvalo@codeaurora.org>
> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> Link:
> https://lore.kernel.org/r/1612894264-15956-1-git-send-email-loic.poulain@linaro.org
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
> drivers/bus/mhi/core/init.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index aa575d3fb3ae..be4eebb0971b 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -557,6 +557,9 @@ void mhi_deinit_chan_ctxt(struct mhi_controller
> *mhi_cntrl,
> tre_ring = &mhi_chan->tre_ring;
> chan_ctxt = &mhi_cntrl->mhi_ctxt->chan_ctxt[mhi_chan->chan];
>
> + if (!chan_ctxt->rbase) /* Already uninitialized */
> + return;
> +
> mhi_free_coherent(mhi_cntrl, tre_ring->alloc_size,
> tre_ring->pre_aligned, tre_ring->dma_handle);
> vfree(buf_ring->base);
As mentioned in my previous email, I see some improvements can be made
to the commit
message and title of this patch. Highlighted those above.
Please update title to "bus: mhi: core: Fix double DMA free from
mhi_deinit_chan_ctxt()".
Thanks,
Bhaumik
---
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora
Forum,
a Linux Foundation Collaborative Project
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
WARNING: multiple messages have this Message-ID (diff)
From: Bhaumik Bhatt <bbhatt@codeaurora.org>
To: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: gregkh@linuxfoundation.org, hemantk@codeaurora.org,
linux-arm-msm@vger.kernel.org, jhugo@codeaurora.org,
linux-kernel@vger.kernel.org, loic.poulain@linaro.org,
kvalo@codeaurora.org, ath11k@lists.infradead.org
Subject: Re: [PATCH 1/1] mhi: Fix double dma free
Date: Wed, 10 Feb 2021 09:45:13 -0800 [thread overview]
Message-ID: <a6771f11aa2b3e032223e94f744d2f32@codeaurora.org> (raw)
In-Reply-To: <20210210082538.2494-2-manivannan.sadhasivam@linaro.org>
On 2021-02-10 12:25 AM, Manivannan Sadhasivam wrote:
> From: Loic Poulain <loic.poulain@linaro.org>
>
> mhi_deinit_chan_ctxt functionthat takes care of unitializing channel
s/functionthat/function that, uninitializing
> resources, including unmapping coherent MHI areas, can be called
> from different path in case of controller unregistering/removal:
> - From a client driver remove callback, via mhi_unprepare_channel
> - From mhi_driver_remove that unitialize all channels
uninitialize
>
> mhi_driver_remove()
> |-> driver->remove()
> | |-> mhi_unprepare_channel()
> | |-> mhi_deinit_chan_ctxt()
> |...
> |-> mhi_deinit_chan_ctxt()
>
> This leads to double dma freeing...
>
> Fix that by preventing deinit for already uninitialized channel.
>
> Fixes: a7f422f2f89e ("bus: mhi: Fix channel close issue on driver
> remove")
> Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
> Reported-by: Kalle Valo <kvalo@codeaurora.org>
> Tested-by: Kalle Valo <kvalo@codeaurora.org>
> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> Link:
> https://lore.kernel.org/r/1612894264-15956-1-git-send-email-loic.poulain@linaro.org
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
> ---
> drivers/bus/mhi/core/init.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c
> index aa575d3fb3ae..be4eebb0971b 100644
> --- a/drivers/bus/mhi/core/init.c
> +++ b/drivers/bus/mhi/core/init.c
> @@ -557,6 +557,9 @@ void mhi_deinit_chan_ctxt(struct mhi_controller
> *mhi_cntrl,
> tre_ring = &mhi_chan->tre_ring;
> chan_ctxt = &mhi_cntrl->mhi_ctxt->chan_ctxt[mhi_chan->chan];
>
> + if (!chan_ctxt->rbase) /* Already uninitialized */
> + return;
> +
> mhi_free_coherent(mhi_cntrl, tre_ring->alloc_size,
> tre_ring->pre_aligned, tre_ring->dma_handle);
> vfree(buf_ring->base);
As mentioned in my previous email, I see some improvements can be made
to the commit
message and title of this patch. Highlighted those above.
Please update title to "bus: mhi: core: Fix double DMA free from
mhi_deinit_chan_ctxt()".
Thanks,
Bhaumik
---
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora
Forum,
a Linux Foundation Collaborative Project
next prev parent reply other threads:[~2021-02-10 17:45 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-10 8:25 [PATCH 0/1] MHI fix for v5.12 Manivannan Sadhasivam
2021-02-10 8:25 ` Manivannan Sadhasivam
2021-02-10 8:25 ` [PATCH 1/1] mhi: Fix double dma free Manivannan Sadhasivam
2021-02-10 8:25 ` Manivannan Sadhasivam
2021-02-10 17:45 ` Bhaumik Bhatt [this message]
2021-02-10 17:45 ` Bhaumik Bhatt
2021-03-01 19:59 ` [PATCH 0/1] MHI fix for v5.12 patchwork-bot+linux-arm-msm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a6771f11aa2b3e032223e94f744d2f32@codeaurora.org \
--to=bbhatt@codeaurora.org \
--cc=ath11k@lists.infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hemantk@codeaurora.org \
--cc=jhugo@codeaurora.org \
--cc=kvalo@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=loic.poulain@linaro.org \
--cc=manivannan.sadhasivam@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.