From 4967ec844a52498af050b1176fedeca37aca111e Mon Sep 17 00:00:00 2001 From: Robin Gong <yibin.gong@nxp.com> Date: Tue, 16 Oct 2018 01:06:29 +0800 Subject: [PATCH] MLK-19931-1: dmaengine: fsl-edma-v3: fix potential kernel crash in cyclic There is one potential race condition in virt-dma framework as below: terminate dma channel after the last dma done interrupt, but before vchan_complete tasklet scheduled, thus the free-ed 'vd' (free in fsl_edma3_terminate_all) maybe still be touched in vchan_complete() which cause NULL pointer crash. Kernel community noticed this issue and fix it at virt-dma level: https://patchwork.kernel.org/patch/10057791/. To avoid backport too much patches, set 'vc->cyclic = NULL' in terminate dma channel interfaces to fix such issue easily. Signed-off-by: Robin Gong <yibin.gong@nxp.com> Acked-by: Fugang Duan <fugang.duan@nxp.com> (cherry picked from commit 18c9083826400a2ef731496391a0b5e71d461a5f) --- drivers/dma/fsl-edma-v3.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/dma/fsl-edma-v3.c +++ b/drivers/dma/fsl-edma-v3.c @@ -285,6 +285,7 @@ static int fsl_edma3_terminate_all(struc fsl_chan->edesc = NULL; fsl_chan->idle = true; fsl_chan->used = false; + fsl_chan->vchan.cyclic = NULL; vchan_get_all_descriptors(&fsl_chan->vchan, &head); spin_unlock_irqrestore(&fsl_chan->vchan.lock, flags); vchan_dma_desc_free_list(&fsl_chan->vchan, &head);