On Fri, 2019-12-20 at 15:11 +0200, Peter Ujfalusi wrote:
> [External]
>
> vchan_vdesc_fini() is freeing up 'vd' so the access to vd->tx_result is
> via already freed up memory.
>
> Move the vchan_vdesc_fini() after invoking the callback to avoid this.
>
Apologies for seeing this too late: typo in title vcna_complete() ->
vchan_complete()
> Fixes: 09d5b702b0f97 ("dmaengine: virt-dma: store result on dma
> descriptor")
> Signed-off-by: Peter Ujfalusi <peter.ujfalusi@xxxxxx>
> ---
> drivers/dma/virt-dma.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/dma/virt-dma.c b/drivers/dma/virt-dma.c
> index ec4adf4260a0..256fc662c500 100644
> --- a/drivers/dma/virt-dma.c
> +++ b/drivers/dma/virt-dma.c
> @@ -104,9 +104,8 @@ static void vchan_complete(unsigned long arg)
> dmaengine_desc_get_callback(&vd->tx, &cb);
>
> list_del(&vd->node);
> - vchan_vdesc_fini(vd);
> -
> dmaengine_desc_callback_invoke(&cb, &vd->tx_result);
> + vchan_vdesc_fini(vd);
> }
> }
>
