Re: [PATCH] mhi: Fix double dma free

[Loic Poulain <loic.poulain@linaro.org>]

Hi Bhaumik,

On Tue, 9 Feb 2021 at 18:27, Bhaumik Bhatt <bbhatt@codeaurora.org> wrote:
>
> On 2021-02-09 08:06 AM, Loic Poulain wrote:
> > On Tue, 9 Feb 2021 at 16:55, Jeffrey Hugo <jhugo@codeaurora.org> wrote:
> >>
> >> On 2/9/2021 8:53 AM, Loic Poulain wrote:
> >> > mhi_deinit_chan_ctxt functionthat takes care of unitializing channel
> >> > resources, including unmapping coherent MHI areas, can be called
> >> > from different path in case of controller unregistering/removal:
> >> >   - From a client driver remove callback, via mhi_unprepare_channel
> >> >   - From mhi_driver_remove that unitialize all channels
> >> >
> >> > mhi_driver_remove()
> >> > |-> driver->remove()
> >> > |    |-> mhi_unprepare_channel()
> >> > |        |-> mhi_deinit_chan_ctxt()
> >> > |...
> >> > |-> mhi_deinit_chan_ctxt()
> >> >
> >> > This leads to double dma freeing...
> >> >
> >> > Fix that by preventing deinit for already uninitialized channel.
> >> >
> >> > Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
> >> > Reported-by: Kalle Valo <kvalo@codeaurora.org>
> >> > ---
> >>
> >> Seems like this should have a Fixes: tag, no?
> >
> > Right, thanks, i'll add it in V2 once I get feedback.
>
> Hi Loic, Mani,
>
> I saw this same issue a while back but could not collect the logs for
> it.
>
> I had already pushed a patch to fix this differently [1] which was
> recently reviewed by Hemant.
>
> Although there wasn't a purposeful fixes tag for it. I think the culprit
> for this issue is [2]:
>
> As it allows the unprepare to go through on remove(), which was
> traditionally not allowed and
> ends up uncovering this issue as it fixes another.
>
> Channel updates [3] address that and provide a bunch of other
> improvements. Please consider them.

Yes, patch [2] is the culprit. I would recommend merging this tiny fix
so that it can be easily grab for 5.11 or backported, and keep your
series (rebased on top), for mhi-next (going to review/test it btw).

Regards,
Loic