18.01.2022 08:36, Akhil R пишет:
>> 17.01.2022 10:02, Akhil R пишет:
>>>> 10.01.2022 19:05, Akhil R пишет:
>>>>> +static int tegra_dma_terminate_all(struct dma_chan *dc)
>>>>> +{
>>>>> + struct tegra_dma_channel *tdc = to_tegra_dma_chan(dc);
>>>>> + unsigned long flags;
>>>>> + LIST_HEAD(head);
>>>>> + int err;
>>>>> +
>>>>> + if (tdc->dma_desc) {
>>>>
>>>> Needs locking protection against racing with the interrupt handler.
>>> tegra_dma_stop_client() waits for the in-flight transfer
>>> to complete and prevents any additional transfer to start.
>>> Wouldn't it manage the race? Do you see any potential issue there?
>>
>> You should consider interrupt handler like a process running in a
>> parallel thread. The interrupt handler sets tdc->dma_desc to NULL, hence
>> you'll get NULL dereference in tegra_dma_stop_client().
>
> Is it better if I remove the below part from tegra_dma_stop_client() so
> that dma_desc is not accessed at all?
>
> + wcount = tdc_read(tdc, TEGRA_GPCDMA_CHAN_XFER_COUNT);
> + tdc->dma_desc->bytes_transferred +=
> + tdc->dma_desc->bytes_requested - (wcount * 4);
>
> Because I don't see a point in updating the value there. dma_desc is set
> to NULL in the next step in terminate_all() anyway.
That isn't going help you much because you also can't release DMA
descriptor while interrupt handler still may be running and using that
descriptor.
