From: Loic Poulain <[email protected]> [ Upstream commit db4e8de1935b0202960e9ebb88ab93e8bd1e66b1 ]
mhi_deinit_chan_ctxt functionthat takes care of unitializing channel resources, including unmapping coherent MHI areas, can be called from different path in case of controller unregistering/removal: - From a client driver remove callback, via mhi_unprepare_channel - From mhi_driver_remove that unitialize all channels mhi_driver_remove() |-> driver->remove() | |-> mhi_unprepare_channel() | |-> mhi_deinit_chan_ctxt() |... |-> mhi_deinit_chan_ctxt() This leads to double dma freeing... Fix that by preventing deinit for already uninitialized channel. Link: https://lore.kernel.org/r/[email protected] Fixes: a7f422f2f89e ("bus: mhi: Fix channel close issue on driver remove") Reported-by: Kalle Valo <[email protected]> Tested-by: Kalle Valo <[email protected]> Reviewed-by: Manivannan Sadhasivam <[email protected]> Signed-off-by: Loic Poulain <[email protected]> Signed-off-by: Manivannan Sadhasivam <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]> --- drivers/bus/mhi/core/init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bus/mhi/core/init.c b/drivers/bus/mhi/core/init.c index f0697f433c2f1..08c45457c90fe 100644 --- a/drivers/bus/mhi/core/init.c +++ b/drivers/bus/mhi/core/init.c @@ -552,6 +552,9 @@ void mhi_deinit_chan_ctxt(struct mhi_controller *mhi_cntrl, tre_ring = &mhi_chan->tre_ring; chan_ctxt = &mhi_cntrl->mhi_ctxt->chan_ctxt[mhi_chan->chan]; + if (!chan_ctxt->rbase) /* Already uninitialized */ + return; + mhi_free_coherent(mhi_cntrl, tre_ring->alloc_size, tre_ring->pre_aligned, tre_ring->dma_handle); vfree(buf_ring->base); -- 2.27.0
