From: Antonio Borneo Date: Tue, 1 Aug 2017 20:09:26 +0000 (+0200) Subject: dmaengine: k3dma: fix double free of descriptor X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=132b473cd594183dbd06a00bcee079477f6a7c9c;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git dmaengine: k3dma: fix double free of descriptor Commit 36387a2b1f62b5c087c5fe6f0f7b23b94f722ad7 ("k3dma: Fix memory handling in preparation for cyclic mode") adds code to free the descriptor in ds_done. In cyclic mode, ds_done is never used and it's always NULL, so the added code is not executed. In non-cyclic mode, ds_done is used as a flag: when not NULL it signals that the descriptor has been consumed. No need to free it because it would be free by vchan_complete(). The fix takes back the code changed by the commit above: - remove the free on the descriptor; - initialize ds_done to NULL for the next run. Signed-off-by: Antonio Borneo Signed-off-by: Vinod Koul --- diff --git a/drivers/dma/k3dma.c b/drivers/dma/k3dma.c index c00eb1244fcf..b76962363519 100644 --- a/drivers/dma/k3dma.c +++ b/drivers/dma/k3dma.c @@ -724,11 +724,7 @@ static int k3_dma_terminate_all(struct dma_chan *chan) k3_dma_free_desc(&p->ds_run->vd); p->ds_run = NULL; } - if (p->ds_done) { - k3_dma_free_desc(&p->ds_done->vd); - p->ds_done = NULL; - } - + p->ds_done = NULL; } spin_unlock_irqrestore(&c->vc.lock, flags); vchan_dma_desc_free_list(&c->vc, &head);