From: Loic Poulain Date: Wed, 10 Feb 2021 08:25:38 +0000 (+0530) Subject: mhi: Fix double dma free X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=db4e8de1935b0202960e9ebb88ab93e8bd1e66b1;p=linux.git mhi: Fix double dma free mhi_deinit_chan_ctxt functionthat takes care of unitializing channel resources, including unmapping coherent MHI areas, can be called from different path in case of controller unregistering/removal: - From a client driver remove callback, via mhi_unprepare_channel - From mhi_driver_remove that unitialize all channels mhi_driver_remove() |-> driver->remove() | |-> mhi_unprepare_channel() | |-> mhi_deinit_chan_ctxt() |... |-> mhi_deinit_chan_ctxt() This leads to double dma freeing... Fix that by preventing deinit for already uninitialized channel. Link: https://lore.kernel.org/r/1612894264-15956-1-git-send-email-loic.poulain@linaro.org Fixes: a7f422f2f89e ("bus: mhi: Fix channel close issue on driver remove") Reported-by: Kalle Valo Tested-by: Kalle Valo Reviewed-by: Manivannan Sadhasivam Signed-off-by: Loic Poulain Signed-off-by: Manivannan Sadhasivam Link: https://lore.kernel.org/r/20210210082538.2494-2-manivannan.sadhasivam@linaro.org Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c index aa575d3fb3aea..be4eebb0971bc 100644 --- a/drivers/bus/mhi/core/init.c +++ b/drivers/bus/mhi/core/init.c @@ -557,6 +557,9 @@ void mhi_deinit_chan_ctxt(struct mhi_controller *mhi_cntrl, tre_ring = &mhi_chan->tre_ring; chan_ctxt = &mhi_cntrl->mhi_ctxt->chan_ctxt[mhi_chan->chan]; + if (!chan_ctxt->rbase) /* Already uninitialized */ + return; + mhi_free_coherent(mhi_cntrl, tre_ring->alloc_size, tre_ring->pre_aligned, tre_ring->dma_handle); vfree(buf_ring->base);