From mboxrd@z Thu Jan 1 00:00:00 1970 From: Raju P L S S S N Subject: Re: [PATCH v8 08/10] drivers: qcom: rpmh: allow requests to be sent asynchronously Date: Wed, 23 May 2018 18:00:40 +0530 Message-ID: <7384b854-1930-8a52-a0df-d3ef9cde8f42@codeaurora.org> References: <20180509170159.29682-1-ilina@codeaurora.org> <20180509170159.29682-9-ilina@codeaurora.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org To: Doug Anderson , Lina Iyer Cc: Andy Gross , David Brown , linux-arm-msm@vger.kernel.org, "open list:ARM/QUALCOMM SUPPORT" , Rajendra Nayak , msivasub@codeaurora.org, mkshah@codeaurora.org, Bjorn Andersson , LKML , Stephen Boyd , Evan Green , Matthias Kaehlcke List-Id: linux-arm-msm@vger.kernel.org Hi, On 5/12/2018 1:46 AM, Doug Anderson wrote: > Hi, > > On Wed, May 9, 2018 at 10:01 AM, Lina Iyer wrote: >> /** >> @@ -137,6 +140,8 @@ void rpmh_tx_done(const struct tcs_request *msg, int r) >> dev_err(rpm_msg->dev, "RPMH TX fail in msg addr=%#x, err=%d\n", >> rpm_msg->msg.cmds[0].addr, r); >> >> + kfree(rpm_msg->free); >> + > > The way the code is written makes it seem like you could free memory > _and_ have a completion but you can't. Specifically: > > * The only plausible thing that "rpm_msg->free" could point to is "rpm_msg". > > * The complete(compl) would then be accessing freed memory. As the completions are declared on stack, it will not access freed memory. > > I believe the kfree() should be at the end of the function. > Personally I'd make it more obvious that this is just a boolean value > and change to: > > if (rpm_msg->needs_free) > kgree(rpm_msg) > > ...then the reader of the code doesn't need to go figure out what > you're trying to free. > > > -Doug > Yes. Will change it this way in next patch set. Thanks, Raju