From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=F2nd=MG=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D3826C11F66
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 14 Jul 2021 05:11:38 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 9451B613AF
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 14 Jul 2021 05:11:38 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9451B613AF
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:
	Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=2FofJ7BVCNl+ASMMV9xYcDHBu/zR7EqY3lpxx5uyhlE=; b=l6C5+zp5MsbVdi
	nH2NohuBoy5m0GfuEOaGVtmWS3DHDiKzke9mUg4tLevm8BoTCrk1lr1oVl43se2POsWb5bt/iylh2
	3hXUXaJmvpQ/o25t3ouixmM+y27HKaP+VNfOXiM3kxaJh2AvF4m1WNDAbboc3XwTRY0XmgeKgwTj0
	WUdP5/UCsOiJO++XY4v9aFpsx70MjNlaz+o77gZUvmopkeS9tOK8JiWUQBgiJVG5XBSaXZFQ+c8Kb
	nwkqkV+cMyPi5wip8Zosb0Vi76dl0eNpAGff/u4wlzT4j0kNAtKF8ie45UBE9igp0fXEX3c5/CbKD
	hrsu9W7AaHIHPIsRMg0Q==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1m3X9t-00CLot-Lv; Wed, 14 Jul 2021 05:10:09 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1m3X9q-00CLoR-G0
 for linux-arm-kernel@lists.infradead.org; Wed, 14 Jul 2021 05:10:07 +0000
Received: by mail.kernel.org (Postfix) with ESMTPSA id 23F986128B;
 Wed, 14 Jul 2021 05:10:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1626239406;
 bh=t8bL81gRFQESqYmW8xNb7ypHYtyV4k0LDE0X2Ub+GQE=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=phEm6F7yJsYoP1BQU0fdY4vF5xPLpPC+WfCOVclleTzkrn/zh7EUGivumhikG8FsD
 Pqf1c5Eb4U1Q8Aqqi64cKK1ZQdeJaCVDdJ18CYo9FUGfctTQBSAehXR9MPy4wm7sVu
 iG3I3qtxbdMoYsbCK4N4BJO80NcjzOSQ78CpJeWNechmjP3Kf0FBFcvuerpGCmLJSO
 Y1d+Fb8QpcL4PUTC4AW+eEQgw/O0NK6GqpBaMcGkq7XZX7J4pNTnvknWWKYB/jJmN4
 fC51x02lMRJyl/B3NdLZltHY2O8IwX40gp5z8csh3S1JmUXZaKkKIW98IbpGnFtcg6
 zapniH5eps49g==
Date: Wed, 14 Jul 2021 10:40:02 +0530
From: Vinod Koul <vkoul@kernel.org>
To: Adrian Larumbe <adrian.martinezlarumbe@imgtec.com>
Cc: dmaengine@vger.kernel.org, michal.simek@xilinx.com,
 linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 2/2] xilinx_dma: Fix read-after-free bug when terminating
 transfers
Message-ID: <YO5xqrys1az1UDeP@matsya>
References: <20210706234338.7696-1-adrian.martinezlarumbe@imgtec.com>
 <20210706234338.7696-3-adrian.martinezlarumbe@imgtec.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20210706234338.7696-3-adrian.martinezlarumbe@imgtec.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210713_221006_606927_654A2942 
X-CRM114-Status: GOOD (  11.06  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On 07-07-21, 00:43, Adrian Larumbe wrote:
> When user calls dmaengine_terminate_sync, the driver will clean up any
> remaining descriptors for all the pending or active transfers that had
> previously been submitted. However, this might happen whilst the tasklet is
> invoking the DMA callback for the last finished transfer, so by the time it
> returns and takes over the channel's spinlock, the list of completed
> descriptors it was traversing is no longer valid. This leads to a
> read-after-free situation.
> 
> Fix it by signalling whether a user-triggered termination has happened by
> means of a boolean variable.

Applied after adding subsystem name, thanks

-- 
~Vinod

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel