From 95e53ddd8240bad37df985a9ae2d2a07f49e6bf1 Mon Sep 17 00:00:00 2001 From: Mitchel Humpherys Date: Thu, 8 Jan 2015 17:24:27 -0800 Subject: [PATCH] staging: ion: always initialize the free list parameters Currently we initialize the heap free_lock and free list size in ion_heap_init_deferred_free, which is only called when the ION_HEAP_FLAG_DEFER_FREE heap flag is given. However, the lock and size are used in the shrinker path as well as the deferred free path, and we can register a shrinker *without* enabling deferred freeing. So, if a heap provides a shrinker but *doesn't* set the DEFER_FREE flag we will use these parameters uninitialized (resulting in a spinlock bug and broken shrinker accounting). Fix these problems by initializing the free list parameters directly in ion_device_add_heap, which is always called no matter which heap features are being used. Signed-off-by: Mitchel Humpherys Signed-off-by: Greg Kroah-Hartman --- drivers/staging/android/ion/ion.c | 3 +++ drivers/staging/android/ion/ion_heap.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 296d347660fc..b8f1c491553e 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -1508,6 +1508,9 @@ void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap) pr_err("%s: can not add heap with invalid ops struct.\n", __func__); + spin_lock_init(&heap->free_lock); + heap->free_list_size = 0; + if (heap->flags & ION_HEAP_FLAG_DEFER_FREE) ion_heap_init_deferred_free(heap); diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c index 4605e04712aa..fd13d05b538a 100644 --- a/drivers/staging/android/ion/ion_heap.c +++ b/drivers/staging/android/ion/ion_heap.c @@ -253,8 +253,6 @@ int ion_heap_init_deferred_free(struct ion_heap *heap) struct sched_param param = { .sched_priority = 0 }; INIT_LIST_HEAD(&heap->free_list); - heap->free_list_size = 0; - spin_lock_init(&heap->free_lock); init_waitqueue_head(&heap->waitqueue); heap->task = kthread_run(ion_heap_deferred_free, heap, "%s", heap->name); -- 2.20.1