dma-coherent: fix possible panic when releasing chunk
Sri Krishna chowdary [Tue, 22 Mar 2016 04:25:13 +0000 (09:25 +0530)]
When more than cma_chunk_size is being released then dma
release callback panics. Treat it as a valid release as long
as it lies within the current size of the cma region shared
with the OS.

bug 1715544
bug 200290806

Change-Id: Iee513067f00d2f0c91ca1811f58382b7724b528e
Signed-off-by: Sri Krishna chowdary <schowdary@nvidia.com>
Reviewed-on: http://git-master/r/1113872
(cherry picked from commit b7b3f787bfb885678c6470f00671247743cf0aaa)
Reviewed-on: http://git-master/r/1325120
Reviewed-by: Michael Frydrych <mfrydrych@nvidia.com>
Tested-by: Michael Frydrych <mfrydrych@nvidia.com>
Reviewed-by: Vinayak Pane <vpane@nvidia.com>
(cherry picked from commit af2c2cd6b076fb03026c2cdb73b433431549779d)
Reviewed-on: http://git-master/r/1459993
Tested-by: Vinayak Pane <vpane@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Manish Tuteja <mtuteja@nvidia.com>

drivers/base/dma-coherent.c

index 22eb61d..1e3e5b7 100644 (file)
@@ -648,16 +648,17 @@ static int dma_release_from_coherent_heap_dev(struct device *dev, size_t len,
        BUG_ON(!h);
        if (!h)
                return 1;
-       if ((uintptr_t)base < h->cma_base ||
-           len > h->cma_chunk_size ||
-           (uintptr_t)base - h->cma_base > h->cma_len - len) {
+
+       mutex_lock(&h->resize_lock);
+       if ((uintptr_t)base < h->curr_base || len > h->curr_len ||
+           (uintptr_t)base - h->curr_base > h->curr_len - len) {
                BUG();
+               mutex_unlock(&h->resize_lock);
                return 1;
        }
 
        dma_set_attr(DMA_ATTR_ALLOC_EXACT_SIZE, attrs);
 
-       mutex_lock(&h->resize_lock);
        idx = div_u64((uintptr_t)base - h->cma_base, h->cma_chunk_size);
        dev_dbg(&h->dev, "req free addr (%p) size (0x%zx) idx (%d)\n",
                base, len, idx);