Re: [PATCH] rapidio: fix rio_dma_transfer error handling

From: Andrew Morton
Date: Fri Apr 13 2018 - 17:16:41 EST

Next message: Rob Herring: "Re: [PATCH v2 1/5] clk: Extract OF clock helpers in <linux/of_clk.h>"
Previous message: David Rientjes: "Re: [PATCH] fs/dcache.c: re-add cond_resched() in shrink_dcache_parent()"
In reply to: Ioan Nicu: "Re: [PATCH] rapidio: fix rio_dma_transfer error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 13 Apr 2018 09:09:18 +0200 Ioan Nicu <ioan.nicu.ext@xxxxxxxxx> wrote:

> > > And please remember to always include all information regarding
> > > end-user impact when fixing bugs.
> > >
> > This bug fix is applicable to versions starting from v4.6
>
> Actually, this is something I broke with my previous patch where I added a
> kref to the mport_dma_req structure. Before this patch, all the error paths
> were doing kfree(req) instead of kref_put(&req->refcount, dma_req_free).
>
> Now that dma_req_free() is called, it dereferences req->dmach, which is
> initialized late in do_dma_request(), so dma_req_free() could be called
> with a NULL req->dmach in some cases.
>
> Sorry if I did not make this clear enough in the description.

I added

Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req")

(correct?) and removed cc:stable.

Next message: Rob Herring: "Re: [PATCH v2 1/5] clk: Extract OF clock helpers in <linux/of_clk.h>"
Previous message: David Rientjes: "Re: [PATCH] fs/dcache.c: re-add cond_resched() in shrink_dcache_parent()"
In reply to: Ioan Nicu: "Re: [PATCH] rapidio: fix rio_dma_transfer error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]