On Thu 03 Dec 15:51 CST 2020, Alex Elder wrote:

> When the coherent memory is freed in gsi_trans_pool_exit_dma(), we
> are mistakenly passing the size of a single element in the pool
> rather than the actual allocated size.  Fix this bug.
> 
> Fixes: 9dd441e4ed575 ("soc: qcom: ipa: GSI transactions")
> Reported-by: Stephen Boyd <swb...@chromium.org>
> Tested-by: Sujit Kautkar <suji...@chromium.org>
> Signed-off-by: Alex Elder <el...@linaro.org>

Reviewed-by: Bjorn Andersson <bjorn.anders...@linaro.org>

Regards,
Bjorn

> ---
>  drivers/net/ipa/gsi_trans.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ipa/gsi_trans.c b/drivers/net/ipa/gsi_trans.c
> index e8599bb948c08..6c3ed5b17b80c 100644
> --- a/drivers/net/ipa/gsi_trans.c
> +++ b/drivers/net/ipa/gsi_trans.c
> @@ -156,6 +156,9 @@ int gsi_trans_pool_init_dma(struct device *dev, struct 
> gsi_trans_pool *pool,
>       /* The allocator will give us a power-of-2 number of pages.  But we
>        * can't guarantee that, so request it.  That way we won't waste any
>        * memory that would be available beyond the required space.
> +      *
> +      * Note that gsi_trans_pool_exit_dma() assumes the total allocated
> +      * size is exactly (count * size).
>        */
>       total_size = get_order(total_size) << PAGE_SHIFT;
>  
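
Review bot: The invariant stated in the new comment, that the total allocated size is exactly (count * size), is not established by anything visible in this hunk, and it depends on the rounding in the context line right after the comment. That line, `total_size = get_order(total_size) << PAGE_SHIFT;`, multiplies the allocation order by the page size, whereas the comment's "power-of-2 number of pages" implies `PAGE_SIZE << get_order(total_size)`. Please confirm the rounding and say in the comment where pool->count is derived from the rounded total_size, so that the assumption in gsi_trans_pool_exit_dma() can be checked against this function.
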
> @@ -175,7 +178,9 @@ int gsi_trans_pool_init_dma(struct device *dev, struct 
> gsi_trans_pool *pool,
>  
>  void gsi_trans_pool_exit_dma(struct device *dev, struct gsi_trans_pool *pool)
>  {
> -     dma_free_coherent(dev, pool->size, pool->base, pool->addr);
> +     size_t total_size = pool->count * pool->size;
> +
> +     dma_free_coherent(dev, total_size, pool->base, pool->addr);
>       memset(pool, 0, sizeof(*pool));
>  }
>  
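
Review bot: In gsi_trans_pool_exit_dma(), the size passed to dma_free_coherent() is recomputed as `pool->count * pool->size` rather than taken from the value that was actually allocated, so the free is only correct while the init path keeps that product equal to its rounded total_size. Storing the allocated size in struct gsi_trans_pool at init time and freeing with that field would remove the cross-function assumption. If the recomputation stays, a short comment here pointing back to the rounding in gsi_trans_pool_init_dma() would document the dependency on both sides.
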
> -- 
> 2.20.1
> 
