blob: 28a59d4db2b65fb88db9f81e0684d27823ab03c2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 4967ec844a52498af050b1176fedeca37aca111e Mon Sep 17 00:00:00 2001
From: Robin Gong <yibin.gong@nxp.com>
Date: Tue, 16 Oct 2018 01:06:29 +0800
Subject: [PATCH] MLK-19931-1: dmaengine: fsl-edma-v3: fix potential kernel
crash in cyclic
There is one potential race condition in virt-dma framework as below:
terminate dma channel after the last dma done interrupt, but before
vchan_complete tasklet scheduled, thus the free-ed 'vd' (free in
fsl_edma3_terminate_all) maybe still be touched in vchan_complete()
which cause NULL pointer crash.
Kernel community noticed this issue and fix it at virt-dma level:
https://patchwork.kernel.org/patch/10057791/. To avoid backport too
much patches, set 'vc->cyclic = NULL' in terminate dma channel
interfaces to fix such issue easily.
Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Acked-by: Fugang Duan <fugang.duan@nxp.com>
(cherry picked from commit 18c9083826400a2ef731496391a0b5e71d461a5f)
---
drivers/dma/fsl-edma-v3.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma/fsl-edma-v3.c
+++ b/drivers/dma/fsl-edma-v3.c
@@ -285,6 +285,7 @@ static int fsl_edma3_terminate_all(struc
fsl_chan->edesc = NULL;
fsl_chan->idle = true;
fsl_chan->used = false;
+ fsl_chan->vchan.cyclic = NULL;
vchan_get_all_descriptors(&fsl_chan->vchan, &head);
spin_unlock_irqrestore(&fsl_chan->vchan.lock, flags);
vchan_dma_desc_free_list(&fsl_chan->vchan, &head);
|
