Re: [PATCH v2] rpmsg: smd: do not use mananged resources for endpoints and channels

Bjorn Andersson <bjorn.andersson@xxxxxxxxxx> · Mon, 4 Jun 2018 12:35:55 -0700

On Mon 04 Jun 02:39 PDT 2018, Srinivas Kandagatla wrote:

> All the managed resources would be freed by the time release function
> is invoked. Handling such memory in qcom_smd_edge_release() would do
> bad things.
> 
> Found this issue while testing Audio usecase where the dsp is started up
> and shutdown in a loop.
> 
> This patch fixes this issue by using simple kzalloc for allocating
> channel->name and channel which is then freed in qcom_smd_edge_release().
> 
> Without this patch restarting a remoteproc would crash the system.
> Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxx>

Thanks Srini,
Bjorn

> ---
>  drivers/rpmsg/qcom_smd.c | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
> index 5ce9bf7b897d..f63adcd95eb0 100644
> --- a/drivers/rpmsg/qcom_smd.c
> +++ b/drivers/rpmsg/qcom_smd.c
> @@ -1100,12 +1100,12 @@ static struct qcom_smd_channel *qcom_smd_create_channel(struct qcom_smd_edge *ed
>  	void *info;
>  	int ret;
>  
> -	channel = devm_kzalloc(&edge->dev, sizeof(*channel), GFP_KERNEL);
> +	channel = kzalloc(sizeof(*channel), GFP_KERNEL);
>  	if (!channel)
>  		return ERR_PTR(-ENOMEM);
>  
>  	channel->edge = edge;
> -	channel->name = devm_kstrdup(&edge->dev, name, GFP_KERNEL);
> +	channel->name = kstrdup(name, GFP_KERNEL);
>  	if (!channel->name)
>  		return ERR_PTR(-ENOMEM);
>  
> @@ -1156,8 +1156,8 @@ static struct qcom_smd_channel *qcom_smd_create_channel(struct qcom_smd_edge *ed
>  	return channel;
>  
>  free_name_and_channel:
> -	devm_kfree(&edge->dev, channel->name);
> -	devm_kfree(&edge->dev, channel);
> +	kfree(channel->name);
> +	kfree(channel);
>  
>  	return ERR_PTR(ret);
>  }
> @@ -1378,13 +1378,13 @@ static int qcom_smd_parse_edge(struct device *dev,
>   */
>  static void qcom_smd_edge_release(struct device *dev)
>  {
> -	struct qcom_smd_channel *channel;
> +	struct qcom_smd_channel *channel, *tmp;
>  	struct qcom_smd_edge *edge = to_smd_edge(dev);
>  
> -	list_for_each_entry(channel, &edge->channels, list) {
> -		SET_RX_CHANNEL_INFO(channel, state, SMD_CHANNEL_CLOSED);
> -		SET_RX_CHANNEL_INFO(channel, head, 0);
> -		SET_RX_CHANNEL_INFO(channel, tail, 0);
> +	list_for_each_entry_safe(channel, tmp, &edge->channels, list) {
> +		list_del(&channel->list);
> +		kfree(channel->name);
> +		kfree(channel);
>  	}
>  
>  	kfree(edge);
> -- 
> 2.16.2
> 