Re: [PATCH V2] dmaengine: Fix client_count is countered one more incorrectly.

From: Jerry Snitselaar
Date: Wed Nov 02 2022 - 14:09:43 EST

Next message: Vasily Gorbik: "[PATCH] mm: hugetlb_vmemmap: include missing linux/moduleparam.h"
Previous message: Jernej Skrabec: "[PATCH v2 11/11] media: cedrus: h265: Support decoding 10-bit frames"
Next in thread: Vinod Koul: "Re: [PATCH V2] dmaengine: Fix client_count is countered one more incorrectly."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Vinod,

Thoughts on this patch?

Maybe changing the summary to "dmaengine: Fix double increment of client_count in dma_chan_get()"
would be clearer?

On Sat, Oct 01, 2022 at 01:36:52AM +0800, Koba Ko wrote:
> If the passed client_count is 0,
> it would be incremented by balance_ref_count first
> then increment one more.
> This would cause client_count to 2.
>
> cat /sys/class/dma/dma0chan*/in_use
> 2
> 2
> 2

Would this be better?

The first time dma_chan_get() is called for a channel the channel
client_count is incorrectly incremented twice for public channels,
first in balance_ref_count(), and again prior to returning. This
results in an incorrect client count which will lead to the
channel resources not being freed when they should be. A simple
test of repeated module load and unload of async_tx on a Dell
Power Edge R7425 also shows this resulting in a kref underflow
warning.

Regards,
Jerry

>
> Fixes: d2f4f99db3e9 ("dmaengine: Rework dma_chan_get")
> Signed-off-by: Koba Ko <koba.ko@xxxxxxxxxxxxx>
> Reviewed-by: Jie Hai <haijie1@xxxxxxxxxx>
> Test-by: Jie Hai <haijie1@xxxxxxxxxx>
> Reviewed-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
> Reviewed-by: Dave Jiang <dave.jiang@xxxxxxxxx>
>
> ---
> V2: Remove [3/3] on subject.
> ---
> drivers/dma/dmaengine.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
> index 2cfa8458b51be..78f8a9f3ad825 100644
> --- a/drivers/dma/dmaengine.c
> +++ b/drivers/dma/dmaengine.c
> @@ -451,7 +451,8 @@ static int dma_chan_get(struct dma_chan *chan)
> /* The channel is already in use, update client count */
> if (chan->client_count) {
> __module_get(owner);
> - goto out;
> + chan->client_count++;
> + return 0;
> }
>
> if (!try_module_get(owner))
> @@ -470,11 +471,11 @@ static int dma_chan_get(struct dma_chan *chan)
> goto err_out;
> }
>
> + chan->client_count++;
> +
> if (!dma_has_cap(DMA_PRIVATE, chan->device->cap_mask))
> balance_ref_count(chan);
>
> -out:
> - chan->client_count++;
> return 0;
>
> err_out:
> --
> 2.25.1
>

Next message: Vasily Gorbik: "[PATCH] mm: hugetlb_vmemmap: include missing linux/moduleparam.h"
Previous message: Jernej Skrabec: "[PATCH v2 11/11] media: cedrus: h265: Support decoding 10-bit frames"
Next in thread: Vinod Koul: "Re: [PATCH V2] dmaengine: Fix client_count is countered one more incorrectly."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]