From: Jon Hunter
Subject: Re: [PATCH v4 01/14] dmaengine: tegra-apb: Fix use-after-free
To: Dmitry Osipenko, Laxman Dewangan, Vinod Koul, Dan Williams, Thierry Reding, Michał Mirosław
Date: Tue, 14 Jan 2020 15:09:51 +0000

On 12/01/2020 17:29, Dmitry Osipenko wrote:
> I was doing some experiments with I2C and noticed that Tegra APB DMA
> driver crashes sometime after I2C DMA transfer termination. The crash
> happens because tegra_dma_terminate_all() bails out immediately if pending
> list is empty, thus it doesn't release the half-completed descriptors
> which are getting re-used before ISR tasklet kicks-in.

Can you elaborate a bit more on how these are getting re-used? What is
the sequence of events which results in the panic?

I believe that this was also reported in the past [0] and so I don't
doubt there is an issue here, but would like to completely understand
this.

Thanks!
Jon

[0] https://lore.kernel.org/patchwork/patch/675349/

-- 
nvpublic