[PATCH v13 12/12] dmaengine: imx-sdma: add terminated list for freed descriptor in worker

Mon, 31 Aug 2020 00:53:39 -0700 

Add terminated list for keeping descriptor so that it could be freed in
worker without any potential involving next descriptor raised up before
this descriptor freed, because vchan_get_all_descriptors get all
descriptors including the last terminated descriptor and the next
descriptor, hence, the next descriptor maybe freed unexpectly when it's
done in worker without this patch.
https://www.spinics.net/lists/dmaengine/msg23367.html

Signed-off-by: Robin Gong <yibin.g...@nxp.com>
Reported-by: Richard Leitner <richard.leit...@skidata.com>
---
 drivers/dma/imx-sdma.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c
index 9bb6270..2fa8733 100644
--- a/drivers/dma/imx-sdma.c
+++ b/drivers/dma/imx-sdma.c
@@ -381,6 +381,7 @@ struct sdma_channel {
        enum dma_status                 status;
        struct imx_dma_data             data;
        struct work_struct              terminate_worker;
+       struct list_head                terminated;
        bool                            is_ram_script;
 };
 
@@ -1076,9 +1077,6 @@ static void sdma_channel_terminate_work(struct 
work_struct *work)
 {
        struct sdma_channel *sdmac = container_of(work, struct sdma_channel,
                                                  terminate_worker);
-       unsigned long flags;
-       LIST_HEAD(head);
-
        /*
         * According to NXP R&D team a delay of one BD SDMA cost time
         * (maximum is 1ms) should be added after disable of the channel
@@ -1087,10 +1085,7 @@ static void sdma_channel_terminate_work(struct 
work_struct *work)
         */
        usleep_range(1000, 2000);
 
-       spin_lock_irqsave(&sdmac->vc.lock, flags);
-       vchan_get_all_descriptors(&sdmac->vc, &head);
-       spin_unlock_irqrestore(&sdmac->vc.lock, flags);
-       vchan_dma_desc_free_list(&sdmac->vc, &head);
+       vchan_dma_desc_free_list(&sdmac->vc, &sdmac->terminated);
 }
 
 static int sdma_terminate_all(struct dma_chan *chan)
@@ -1104,6 +1099,13 @@ static int sdma_terminate_all(struct dma_chan *chan)
 
        if (sdmac->desc) {
                vchan_terminate_vdesc(&sdmac->desc->vd);
+               /*
+                * move out current descriptor into terminated list so that
+                * it could be free in sdma_channel_terminate_work alone
+                * later without potential involving next descriptor raised
+                * up before the last descriptor terminated.
+                */
+               vchan_get_all_descriptors(&sdmac->vc, &sdmac->terminated);
                sdmac->desc = NULL;
                schedule_work(&sdmac->terminate_worker);
        }
@@ -2124,6 +2126,7 @@ static int sdma_probe(struct platform_device *pdev)
 
                sdmac->channel = i;
                sdmac->vc.desc_free = sdma_desc_free;
+               INIT_LIST_HEAD(&sdmac->terminated);
                INIT_WORK(&sdmac->terminate_worker,
                                sdma_channel_terminate_work);
                /*
-- 
2.7.4

Reply via email to