Re: [PATCH net 1/1] net: ipa: pass the correct size when freeing DMA memory

From: Bjorn Andersson
Date: Thu Dec 03 2020 - 18:29:01 EST


On Thu 03 Dec 15:51 CST 2020, Alex Elder wrote:

> When the coherent memory is freed in gsi_trans_pool_exit_dma(), we
> are mistakenly passing the size of a single element in the pool
> rather than the actual allocated size. Fix this bug.
>
> Fixes: 9dd441e4ed575 ("soc: qcom: ipa: GSI transactions")
> Reported-by: Stephen Boyd <swboyd@xxxxxxxxxxxx>
> Tested-by: Sujit Kautkar <sujitka@xxxxxxxxxxxx>
> Signed-off-by: Alex Elder <elder@xxxxxxxxxx>

Reviewed-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>

Regards,
Bjorn

> ---
> drivers/net/ipa/gsi_trans.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ipa/gsi_trans.c b/drivers/net/ipa/gsi_trans.c
> index e8599bb948c08..6c3ed5b17b80c 100644
> --- a/drivers/net/ipa/gsi_trans.c
> +++ b/drivers/net/ipa/gsi_trans.c
> @@ -156,6 +156,9 @@ int gsi_trans_pool_init_dma(struct device *dev, struct gsi_trans_pool *pool,
> /* The allocator will give us a power-of-2 number of pages. But we
> * can't guarantee that, so request it. That way we won't waste any
> * memory that would be available beyond the required space.
> + *
> + * Note that gsi_trans_pool_exit_dma() assumes the total allocated
> + * size is exactly (count * size).
> */
> total_size = get_order(total_size) << PAGE_SHIFT;
>
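
Review bot: the invariant this comment adds in gsi_trans_pool_init_dma() (allocated size is exactly count * size) depends on the rounding line directly below it, and that context line reads `total_size = get_order(total_size) << PAGE_SHIFT;`, which multiplies the allocation order by the page size rather than giving the size of a 2^order-page allocation. If the rounded value is meant to be the full allocation size, `PAGE_SIZE << get_order(total_size)` is the usual form. The hunk also does not show pool->count being derived from the rounded total_size, so the comment should point at the assignment that makes the invariant hold.
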
> @@ -175,7 +178,9 @@ int gsi_trans_pool_init_dma(struct device *dev, struct gsi_trans_pool *pool,
>
> void gsi_trans_pool_exit_dma(struct device *dev, struct gsi_trans_pool *pool)
> {
> - dma_free_coherent(dev, pool->size, pool->base, pool->addr);
> + size_t total_size = pool->count * pool->size;
> +
> + dma_free_coherent(dev, total_size, pool->base, pool->addr);
> memset(pool, 0, sizeof(*pool));
> }
>
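
Review bot: in gsi_trans_pool_exit_dma(), the size passed to dma_free_coherent() is now recomputed as `pool->count * pool->size`, so the free is correct only while both fields still match what was allocated and the product does not wrap in the fields' types, which are not visible here. Recording the allocated size in struct gsi_trans_pool at init time and passing that stored value to the free would remove the dependency on the invariant documented in the first hunk. Failing that, a WARN_ON() at init comparing the rounded size with count * size would catch a mismatch before it reaches the free path.
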
> --
> 2.20.1
>