From: Loic Poulain <loic.poulain@linaro.org>
To: Bhaumik Bhatt <bbhatt@codeaurora.org>
Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
Jeffrey Hugo <jhugo@codeaurora.org>,
Hemant Kumar <hemantk@codeaurora.org>,
Kalle Valo <kvalo@codeaurora.org>,
linux-arm-msm <linux-arm-msm@vger.kernel.org>
Subject: Re: [PATCH] mhi: Fix double dma free
Date: Tue, 9 Feb 2021 19:17:32 +0100 [thread overview]
Message-ID: <CAMZdPi-3PBGLE7KYoSkKWOT7YrbrpA70NRJo2Lrc-MQr=oKUyg@mail.gmail.com> (raw)
In-Reply-To: <7a641d95c2e8c74c7dfc537c74a7ae1a@codeaurora.org>
Hi Bhaumik,
On Tue, 9 Feb 2021 at 18:27, Bhaumik Bhatt <bbhatt@codeaurora.org> wrote:
>
> On 2021-02-09 08:06 AM, Loic Poulain wrote:
> > On Tue, 9 Feb 2021 at 16:55, Jeffrey Hugo <jhugo@codeaurora.org> wrote:
> >>
> >> On 2/9/2021 8:53 AM, Loic Poulain wrote:
> >> > mhi_deinit_chan_ctxt functionthat takes care of unitializing channel
> >> > resources, including unmapping coherent MHI areas, can be called
> >> > from different path in case of controller unregistering/removal:
> >> > - From a client driver remove callback, via mhi_unprepare_channel
> >> > - From mhi_driver_remove that unitialize all channels
> >> >
> >> > mhi_driver_remove()
> >> > |-> driver->remove()
> >> > | |-> mhi_unprepare_channel()
> >> > | |-> mhi_deinit_chan_ctxt()
> >> > |...
> >> > |-> mhi_deinit_chan_ctxt()
> >> >
> >> > This leads to double dma freeing...
> >> >
> >> > Fix that by preventing deinit for already uninitialized channel.
> >> >
> >> > Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
> >> > Reported-by: Kalle Valo <kvalo@codeaurora.org>
> >> > ---
> >>
> >> Seems like this should have a Fixes: tag, no?
> >
> > Right, thanks, i'll add it in V2 once I get feedback.
>
> Hi Loic, Mani,
>
> I saw this same issue a while back but could not collect the logs for
> it.
>
> I had already pushed a patch to fix this differently [1] which was
> recently reviewed by Hemant.
>
> Although there wasn't a purposeful fixes tag for it. I think the culprit
> for this issue is [2]:
>
> As it allows the unprepare to go through on remove(), which was
> traditionally not allowed and
> ends up uncovering this issue as it fixes another.
>
> Channel updates [3] address that and provide a bunch of other
> improvements. Please consider them.
Yes, patch [2] is the culprit. I would recommend merging this tiny fix
so that it can be easily grab for 5.11 or backported, and keep your
series (rebased on top), for mhi-next (going to review/test it btw).
Regards,
Loic
next prev parent reply other threads:[~2021-02-09 18:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-09 15:53 [PATCH] mhi: Fix double dma free Loic Poulain
2021-02-09 15:55 ` Loic Poulain
2021-02-09 17:02 ` Kalle Valo
2021-02-09 15:55 ` Jeffrey Hugo
2021-02-09 16:06 ` Loic Poulain
2021-02-09 17:27 ` Bhaumik Bhatt
2021-02-09 18:17 ` Loic Poulain [this message]
2021-02-10 4:37 ` Bhaumik Bhatt
2021-02-10 8:17 ` Manivannan Sadhasivam
-- strict thread matches above, loose matches on Subject: below --
2021-02-09 15:52 Loic Poulain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMZdPi-3PBGLE7KYoSkKWOT7YrbrpA70NRJo2Lrc-MQr=oKUyg@mail.gmail.com' \
--to=loic.poulain@linaro.org \
--cc=bbhatt@codeaurora.org \
--cc=hemantk@codeaurora.org \
--cc=jhugo@codeaurora.org \
--cc=kvalo@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=manivannan.sadhasivam@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).